Netgear XSM4324CS Software Administration Manual Software Version 12.x
Netgear XSM4324CS Manual
Netgear XSM4324CS manual content summary:
- Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 1
Software Administration Manual M4300 Intelligent Edge Series Fully Managed Stackable Switches Software Version 12.0.8 M4300 Series Switches M4300-96X Modular Switch September 2019 202-11996-01 NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134, USA - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 2
M4300-96X Fully Managed Switches Support Thank you for purchasing this NETGEAR product. You can visit https://www.netgear.com/support/ to register your product, get help, access the latest downloads and user manuals, and join our community. We recommend that you use only official NETGEAR support - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 3
Series and M4300-96X Fully Managed Switches Chapter 1 Documentation Resources Chapter 2 LAGs Link Aggregation Concepts Enable GVRP 56 Local Browser Interface: Configure GVRP on switch A 58 Local Browser Interface: Configure GVRP on Switch B 60 Private VLANs 61 Assign Private-VLAN Types (Primary - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 4
M4300-96X Fully Managed Switches Switch 79 CLI: Enable Routing for the Switch 79 Local Browser Interface: Enable Routing for the Switch 80 Enable Routing for Ports on the Switch 80 CLI: Enable Routing for Ports on the Switch Switch 93 CLI: Set Up VLAN Routing for the VLANs and the Switch 93 Local - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 5
Series and M4300-96X Fully Managed Switches Chapter 6 RIP Routing Information Protocol Concepts 96 Enable Routing for the Switch 97 CLI: Enable Routing for the Switch 97 Local Browser Interface: Enable Routing for the Switch 97 Enable Routing for Ports 98 CLI: Enable Routing and Assigning - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 6
Series and M4300-96X Fully Managed Switches Route-Map Statements 155 PBR Processing Logic 156 PBR Configurations 158 PBR Example 158 Chapter 9 ARP Proxy Interface: Configure ACL Mirroring 210 Configure ACL Redirection 213 CLI: Redirect a Traffic Stream 214 6 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 7
M4300-96X Fully Managed Switches Local Browser Interface: Redirect a Traffic Stream 215 Add ACL Remarks 218 Change the Sequence of an ACL Rule 219 Configure a Management ACL 221 Example 1: Permit Any Host to Access the Switch Chapter 13 DiffServ Differentiated Services Concepts 242 DiffServ - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 8
Series and M4300-96X Fully Managed Switches Local Browser Interface: Diffserv for VoIP 261 Auto VoIP 266 Protocol-Based Auto VoIP 266 OUI-Based Auto VoIP Querier Status 300 Chapter 15 MVR Multicast VLAN Registration 302 Configure MVR in Compatible Mode 303 8 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 9
M4300 Series and M4300-96X Fully Managed Switches CLI: Configure MVR in Compatible Mode 304 Local Browser Interface: Configure MVR in Compatible Mode . . . . . 306 Browser Interface: Find a Rogue DHCP server 357 Enter Static Binding into the Binding Database 359 9 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 10
M4300 Series and M4300-96X Fully Managed Switches CLI: Enter Static Binding into the Binding Database 359 Local Browser Interface: Enter Static Binding into the Time for MAB 407 Local Browser Interface: Reduce the Authentication Time for MAB . 407 10 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 11
Series and M4300-96X Fully Managed Switches Chapter 18 ) Ports and Destination (Probe 423 Remote SPAN 423 CLI: Enable RSPAN on a Switch 424 Dual Image 426 CLI: Download a Backup Image and Make It Active 427 Configuration Management 437 Full Memory Dump 438 11 Software Administration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 12
Interface: Configure Logging for the Port 447 Email Alerting 448 CLI: Send Log Messages to [email protected] Using Account [email protected] 449 Chapter 21 Switch Stacks Switch Stack Management and Connectivity 451 Stack Master and Stack Members 451 Stack Master 452 Stack Members 453 Stack - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 13
M4300 Series and M4300-96X Fully Managed Switches Local Browser Interface: Renumber Stack Members 467 Move the : Specify Two DNS Servers 482 Manually Add a Host Name and an IP Address 482 CLI: Manually Add a Host Name and an IP Address 482 Local Browser Interface: Manually Add a Host Name and an - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 14
Series and M4300-96X Fully Managed Switches Chapter 25 DHCPv6 Server Dynamic Host Configuration Protocol Version 6 Concepts 492 CLI: Configure DHCPv6 Prefix Delegation 6in4 Tunnel 538 Local Browser Interface: Create a 6in4 Tunnel 539 Create a 6to4 Tunnel 543 14 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 15
Series and M4300-96X Fully Managed Switches CLI: Create a 6to4 Tunnel 544 Local Browser Interface: Create a 6to4 Tunnel 549 Chapter 29 IPv6 Interface Configuration 33 DVMRP Distance Vector Multicast Routing Protocol Concepts 662 CLI: Configure DVMRP 663 15 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 16
and M4300-96X Fully Managed Switches Local Browser Interface: Configure DVMRP 669 Chapter 34 PTP End-to-End Transparent Clock PTP Concepts 680 PTP Time Stamp Operation 680 PTP Transparent Clocks 681 Manage the 702 CLI: Enable iSCSI Awareness with DSCP 702 16 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 17
Series and M4300-96X Fully Managed Switches Local Browser Interface the Old Factory Default Configuration File 708 Chapter 39 NETGEAR SFP Connect with a NETGEAR AGM731F SFP 710 Chapter 40 Expandable Ports Configuration Expand Four 10G Ports . . . . . 712 Index 17 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 18
by visiting netgear.com/support/download/: • The installation guide for your switch and for the components: - Installation Guide M4300 Intelligent Edge Series Fully Managed Stackable Switches - Installation Guide Fully Managed Switches Model M4300-96X - Installation Guide Fully Managed Switch Port - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 19
Series and M4300-96X Fully Managed Switches Note: Firmware updates with new features and bug fixes are made available from time to time at netgear.com/support/download/. Some products can regularly check the site and download new firmware, or you can check for and download new firmware manually. If - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 20
Chapter 2 LAGs: Link Aggregation Groups. This chapter includes the following sections: • Link Aggregation Concepts • Add Ports to LAGs - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 21
Series and M4300-96X Fully Managed Switches Link Aggregation Concepts Link aggregation allows the switch to treat multiple physical links between two endpoints as a single logical link. All increase, which is useful if only a small increase is needed. LAGs 21 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 22
and M4300-96X Fully Managed Switches Add Ports to LAGs The example is shown as CLI commands and as a local browser interface procedure. CLI: Add Ports to the LAGs (Netgear Switch) #config (Netgear Switch) (Config)#interface 0/2 (Netgear Switch) (Interface 0/2)#addport 1/1 (Netgear Switch) (Interface - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 23
and M4300-96X Fully Managed Switches d. Click the gray boxes under port 2 and 3. Two check marks display in the box. e. Click the Apply button to save the settings. 2. Add ports to lag_20. a. Select Switching > the boxes. e. Click Apply to save the settings. LAGs 23 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 24
Chapter 3 VLANs: Virtual LANs. This chapter includes the following sections: • VLAN Concepts • Create Two VLANs • Assign Ports to VLAN 2 • Create Three VLANs • Assign Ports to VLAN 3 • Assign VLAN 3 as the Default VLAN for Port 1/0/2 • Create a MAC-Based VLAN • Create a Protocol-Based VLAN • Virtual VLANs: - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 25
M4300 Series and M4300-96X Fully Managed Switches VLAN Concepts Adding virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast. Like a router, it partitions the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 26
Series and M4300-96X Fully Managed Switches The following examples show how to create VLANs, assign VLAN IDs while leaving the names blank. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2 (Netgear Switch) (Vlan)#vlan 3 (Netgear Switch) (Vlan)#exit Local Browser Interface: Create Two - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 27
M4300 Series and M4300-96X Fully Managed Switches 2. Create VLAN3. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 3. • In the VLAN Name field, - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 28
Series and M4300-96X Fully Managed Switches Local Browser Interface: Assign Ports to VLAN 2 1. Assign ports to VLAN2. a. Select Switching > VLAN > Advanced > tagged frames will be accepted on ports 1/0/1 and 1/0/2. a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 29
Series and M4300-96X Fully Managed Switches c. Enter the following information: • In the Acceptable Frame Type polyhedron the names blank. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 100 (Netgear Switch) (Vlan)#vlan 101 (Netgear Switch) (Vlan)#vlan 102 (Netgear Switch) (Vlan)#exit - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 30
Series and M4300-96X Fully Managed Switches • In the VLAN Name field, enter VLAN100. c. Click Add. 2. Create VLAN101. a. Select Switching > VLAN Name field, enter VLAN101. c. Click Add. 3. Create VLAN102. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 31
Series and M4300-96X Fully Managed Switches • In the VLAN Name field, enter VLAN102. c. Click Add Netgear Switch) (conf-if-range-1/0/2-1/0/4)#exit (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#vlan acceptframe all (Netgear Switch) (Interface 1/0/4)#exit (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 32
Series and M4300-96X Fully Managed Switches The T specifies that the egress packet is tagged for the ports. e. Click Apply to save the settings. 2. Specify that untagged frames will be accepted on port 1/0/4. a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 33
M4300 Series and M4300-96X Fully Managed Switches Local Browser Interface: Assign VLAN 3 as the Default VLAN for Port 1/0/2 1. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to a VLAN that has not been created on the system. VLANs 33 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 34
M4300 Series and M4300-96X Fully Managed Switches CLI: Create a MAC-Based VLAN 1. Create VLAN3. (Netgear Switch)#vlan database (Netgear Switch)(Vlan)#vlan 3 (Netgear Switch)(Vlan)#exit 2. Add port 1/0/23 to VLAN3. (Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/23 (Netgear Switch)( - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 35
Series and M4300-96X Fully Managed Switches Local Browser Interface: Assign a MAC-Based VLAN 1. Create VLAN3. a. Select Switching > VLAN list, select Static. c. Click Add. 2. Assign ports to VLAN3. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 36
M4300-96X Fully Managed Switches d. Click the gray box before Unit 1 until U displays. e. Click Apply. 3. Assign VPID3 to port 1/0/23. a. Select Switching to save the settings. 4. Map the specific MAC to VLAN3. a. Select Switching > VLAN > Advanced > MAC based VLAN. A screen similar to the following - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 37
M4300-96X Fully Managed Switches Create Netgear Switch)#vlan database (Netgear Switch)(Vlan)#vlan 4 (Netgear Switch)(Vlan)#vlan 5 (Netgear Switch)(Vlan)#protocol group 1 4 4. Assign VLAN protocol group 2 to VLAN 5. (Netgear Switch)(Vlan)#protocol group 2 5 VLANs 37 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 38
Series and M4300-96X Fully Managed Switches 5. Enable protocol VLAN group 1 and 2 on the interface. (Netgear Switch)(Vlan)#exit (Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/11 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 1 (Netgear Switch)(Interface 1/0/11)#protocol vlan - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 39
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Enter the following information: In the VLAN ID field, enter 5. In the , enter 1. • In the Group Name field, enter vlan_ipx. • In the Protocol list, enter ipx. VLANs 39 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 40
M4300-96X Fully Managed Switches • In the VLAN ID field, enter 4. b. Click Add. 3. Create the protocol-based VLAN group vlan_ip. a. Select Switching Click Add. 4. Add port 11 to the group vlan_ipx. a. Select Switching > VLAN > Advanced > Protocol Based VLAN Group Membership. A screen similar - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 41
M4300-96X Fully Managed Switches b. In the Group ID list, select 1. c. Click the gray box under port 11. A check mark displays in the box. d. Click the Apply button. 5. Add port 11 to the group vlan_ip. a. Select Switching for the packet to be switched. VLANs 41 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 42
Series and M4300-96X Fully Managed Switches 1/0/1 Switch 1/0/24 PC 1 10.100.5.1 Figure 3. IP subnet-based VLAN CLI: Create an IP Subnet-Based VLAN PC 2 10.100.5.30 (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) (Vlan)#vlan association subnet 10.100.0.0 255 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 43
and M4300-96X Fully Managed Switches Local Browser Interface: Create an IP Subnet-Based VLAN 1. Create VLAN 2000. a. Select Switching > Static. c. Click Add. 2. Assign all the ports to VLAN 2000. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 44
M4300-96X Fully Managed Switches e. Click Apply. 3. Associate the IP subnet with VLAN 2000. a. Select Switching management control and that clients attached to the network cannot initiate a direct attack on voice components. The switch can be configured to support so that better service can be Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 45
M4300 Series and M4300-96X Fully Managed Switches Regular data arriving on the switch is given the default priority of the port (default 0), and the voice traffic is received with higher priority. This segregates both the traffic to provide better service to the voice traffic. The switch manually - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 46
M4300-96X Fully Managed Switches Voice VLAN Interoperation with Auto-VoIP This section describes a situation in which both the voice VLAN and Auto-VoIP are enabled on a port. A voice VLAN configures the ingress port as tagged (in VLAN-ID mode) only if the switch 46 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 47
M4300-96X Fully Managed Switches However, if you configure a port for both the voice VLAN and Auto-VoIP with same VLAN ID for both VLANs, and LLDP-MED functions between the switch you use a separate data VLAN, the voice VLAN supports segregation and separation of voice traffic from data traffic Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 48
Series and M4300-96X Fully Managed Switches PBX 1/0/1 Switch 1/0/2 1/0/3 VoIP phone VoIP phone PC PC and Prioritize Voice Traffic 1. Create VLAN 10. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#exit VLANs 48 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 49
and M4300-96X Fully Managed Switches 2. Include the ports 1/0/1 and 1/0/2 in VLAN 10. (Netgear Switch) (Config)#interface range 1/0/1-1/0/2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan tagging 10 (Netgear Switch) (conf - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 50
Series and M4300-96X Fully Managed Switches 9. Assign it to interfaces 1/0/1 and 1/0/2. (Netgear Switch) (Config)#interface range 1/0/1-1/0/2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)# service-policy in PolicyVoiceVLAN Local Browser Interface: Configure Voice VLAN and Prioritize Voice Traffic - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 51
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the VLAN Membership table, in the VLAN ID list, select 10. c. Select Port 1 and Port 2 as tagged. d. Click Apply. 3. Configure Voice VLAN globally. a. Select Switching a. Select Switching > VLAN > - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 52
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Click Apply. Note: The following steps are optional. These steps assign criteria for the class as VLAN 10. a. Select QoS > DiffServ > Advanced > Class Configuration. VLANs 52 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 53
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click the class ClassVoiceVLAN. c. In the DiffServ Class Create the DiffServ policy PolicyVoiceVLAN. a. Select QoS > DiffServ > Advanced > Policy Configuration. VLANs 53 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 54
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Policy Name field, enter PolicyVoiceVLAN. c. In the > Policy Configuration. A screen similar to the following displays. b. Click the Policy PolicyVoiceVLAN. VLANs 54 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 55
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. c. In the field next to the Assign Queue radio button, select 3. d. Click Apply. 9. Assign it to interfaces 1/0/1 and 1/0/2. a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 56
Series and M4300-96X Fully Managed Switches Configure GARP VLAN Registration Protocol Generic Attribute Registration Protocol (GARP) VLAN Registration Protocol (GVRP) provides IEEE 802.1Q-compliant VLAN pruning and dynamic VLAN creation on 802.1Q-tagged ports. With GVRP, a switch can exchange - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 57
M4300-96X Fully Managed Switches 3. On Switch B, enable GVRP. (Netgear Switch) #set gvrp adminmode (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/11 (Netgear Switch) (Interface 1/0/11)#set gvrp interfacemode 4. On Switch Untagged VLANs 57 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 58
M4300-96X Fully Managed Switches Local Browser Interface: Configure GVRP on switch A 1. On Switch A, create VLANs 1000, 2000, and 3000: a. Select Switching as a tagged port to VLANs 1000, 2000, and 3000: a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 59
M4300-96X Fully Managed Switches T specifies that the switch tags egress packets for port 24. d. Click Apply. 3. Enable GVRP globally: a. Select Switching > VLAN > Advanced > GARP Switch Apply. 4. Enable GVRP on port 1/0/24. a. Select Switching > VLAN > Advanced > GARP Port Configuration. A screen - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 60
M4300 Series and M4300-96X Fully Managed Switches c. From the Port GVRP Mode menu, select Enable. d. Click Apply. Local Browser Interface: Configure GVRP on Switch B 1. Enable GVRP globally: a. Select Switching > VLAN > Advanced > GARP Switch port 1/0/11: a. Select Switching > VLAN > Advanced > GARP - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 61
M4300 Series and M4300-96X Fully Managed Switches b. Scroll down and select the check box that corresponds to interface following figure shows how private VLANs can be extended across multiple switches through inter-switch/stack links that transport primary, community, and isolated VLANs between - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 62
Series and M4300-96X Fully Managed Switches Figure 8. Private VLANs The following figure illustrates the private VLAN traffic the community ports which are associated with community VLAN 102. Port F is the inter-switch/stack link. It is configured to transmit VLANs 100, 101 and 102. Colored arrows - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 63
Series and M4300-96X Fully Managed Switches Assign Private-VLAN Types (Primary, Isolated, Community) The example is shown as CLI commands and as a local browser interface procedure. CLI: Assign Private-VLAN Type ( - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 64
Series and M4300-96X Fully Managed Switches b. Under Private VLAN Type Configuration, select the VLAN ID 100 check box. Now 100 appears in the Traffic Control > Private VLAN > Private VLAN Type Configuration. A screen similar to the following displays. VLANs 64 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 65
Series and M4300-96X Fully Managed Switches b. Under Private VLAN Type Configuration, (secondary VLAN) to VLAN 100 (primary VLAN). (Netgear Switch) (Netgear Switch) (Netgear Switch) (Netgear Switch) #config (Config)#vlan 100 (Config)(Vlan) # VLAN ID 100. VLANs 65 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 66
Series and M4300-96X Fully Managed Switches c. In the Secondary VLAN(s) field, mode. (Netgear Switch) (Netgear Switch) (Netgear Switch) (Netgear Switch) (Netgear Switch) (Netgear Switch) (Netgear Switch) #config > Private VLAN Port Mode Configuration. VLANs 66 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 67
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Private VLAN Port Mode Configuration, select the 1/0/1 interface check VLAN Mode field, select Host from the menu. d. Click Apply to save the settings. VLANs 67 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 68
Series and M4300-96X Fully Managed Switches Configure Private-VLAN Host Ports The ). (Netgear Switch) (Netgear Switch) (Netgear Switch) 100 101 (Netgear Switch) (Netgear Switch) (Netgear Switch) 100 102 (Netgear Switch) # and 1/0/3 interface check box. VLANs 68 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 69
Series and M4300-96X Fully Managed Switches c. In the Host Primary VLAN field, enter 100. d. In the Host VLAN (100) and to secondary VLANs (101-102). (Netgear Switch) (Netgear Switch) (Netgear Switch) (Netgear Switch) #config (Config)#interface 1/0/1 (Interface 1/0/1)#switchport private-vlan - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 70
M4300 Series and M4300-96X Fully Managed Switches and Trunk Ports Using switch ports can minimize potential configuration errors. Switch ports also facilitate the end user, use a switch port in access mode. To configure a port that is connected to another switch, use a switch port in trunk mode - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 71
M4300-96X Fully Managed Switches The switch supports the following switch port modes, each with its own VLAN membership rules: • Access mode. In access mode, the following rules apply to switch switch, to switch for connections between switches, for which the NETGEAR legacy switch behavior for switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 72
Series and M4300-96X Fully Managed Switches The following figure shows a configuration with access ports and a trunk port. PC1 PC2 1/0/1 access port in VLAN 1000 Switch 1/0/2 access port in VLAN 2000 1/0/3 trunk port that allows LANs 1000 and 2000 Network Figure 10. Access and trunk ports CLI - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 73
and M4300-96X Fully Managed Switches 4. Configure port 1/0/3 as a trunk port. (Netgear Switch) (Interface 1/0/3)#switchport mode trunk (Netgear Switch) (Interface 1/0/3)#switchport trunk allowed vlan 1000,2000 5. Configure all incoming untagged packets to be tagged with the native VLAN ID. (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 74
M4300 Series and M4300-96X Fully Managed Switches d. In the VLAN ID field, enter 2000. e. Click Add. 2. Configure port 1/0/1 as an access port in VLAN 1000. a. Select Switching > VLAN > Advanced > VLAN Trunking Configuration. A screen similar to the following displays. b. Select the check box that - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 75
M4300 Series and M4300-96X Fully Managed Switches The Interface field in the table heading displays 1/0/1. c. In the Switchport Mode field, select Access. d. In the Access VLAN ID field, select 1000. e. Click Apply. 3. Configure port 1/0/2 as an access port in VLAN 2000. a. Select Switching Switching - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 76
Series and M4300-96X Fully Managed Switches b. Select the check box that corresponds to interface 1/0/3. you configure incoming untagged packets to be tagged with VLAN ID 2000. If you want the switch to drop untagged packets, ignore this step. e. In the Trunk Allowed VLANs field, enter - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 77
Chapter 4 Port Routing: Port routing, default routes, and static routes. This chapter includes the following sections: • Port Routing Concepts • Port Routing Configuration • Enable Routing for the Switch • Enable Routing for Ports on the Switch • Add a Default Route • Add a Static Route - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 78
M4300-96X Fully Managed Switches Port Routing Concepts The first networks were small enough for the end stations to communicate directly. As networks grew, Layer 2 bridging was used to segregate traffic, a technology that worked well for unicast traffic, but had problems switch supports Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 79
M4300-96X Fully Managed Switches You can then activate RIP or OSPF, used by routers to exchange route information, on top of IP Routing. RIP is more often used in smaller networks, while OSPF was designed for larger and more complex topologies. The following figure shows a Layer 3 switch configured - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 80
Series and M4300-96X Fully Managed Switches Local Browser Interface: Enable Routing for the Switch 1. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. 2. For Routing Mode, select the Enable radio button. 3. Click Apply to save the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 81
M4300 Series and M4300-96X Fully Managed Switches CLI: Enable Routing for Ports on the Switch (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Switch Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 82
M4300 Series and M4300-96X Fully Managed Switches • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click 192.150.5.1/24 to interface 1/0/5. a. Select Routing > IP > Advanced > IP Interface Configuration. Port Routing 82 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 83
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and be manually created by the network administrator. The route created manually is called the static or default route. A default route is used for forwarding the packet when the switch cannot - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 84
Series and M4300-96X Fully Managed Switches CLI: Add a Default Route (FSM7338S) (Config) #ip route default? Enter the IP Address of the next router. ( bottom of the screen. This creates the default route entry in the routing table. Port Routing 84 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 85
Series and M4300-96X Fully Managed Switches Add a Static Route When the switch performs IP routing, it forwards the packet to the default route for a destination that is not the Route Type list, select Static. 3. Fill in the Network Address field. Port Routing 85 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 86
Series and M4300-96X Fully Managed Switches Note that this field should have a network IP address, not a host IP address. Do not enter something like 10.100.100.1. The to the left of the entry, and click the Delete button on the bottom of the screen. Port Routing 86 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 87
5 VLAN Routing VLAN routing for a VLAN and for the switch This chapter includes the following sections: • VLAN Routing Concepts • Create Two VLANs • Set Up VLAN Routing for the VLANs and the Switch 87 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 88
Series and M4300-96X Fully Managed Switches VLAN Routing Concepts You can configure the switch with some ports supporting VLANs and some supporting routing. You can also configure the switch to provide the VLAN routing support shown in the diagram. VLAN Routing 88 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 89
Series and M4300-96X Fully Managed Switches Layer 3 switch Port 1/0/2 VLAN Router port 1/3/1 192.150.3.1 Port 1/0/3 VLAN Router port 1/3/2 192.150.4.1 Port 1/0/1 Layer 2 Switch Layer 2 Switch VLAN 10 VLAN 20 Figure 12. Layer 3 switch configured for port routing CLI: Create Two VLANs The - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 90
M4300 Series and M4300-96X Fully Managed Switches Local Browser Interface: Create Two VLANs 1. Create VLAN 10 and VLAN 20. a. Select Switching d. In the VLAN Type list, select Static. e. Click Add. f. Select Switching > VLAN > Advanced > VLAN Configuration. A screen similar to the following displays. - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 91
Series and M4300-96X Fully Managed Switches 2. Add ports to the VLAN10 and VLAN20. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID packet is tagged for the port. j. Click Apply. VLAN Routing 91 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 92
Series and M4300-96X Fully Managed Switches 3. Assign PVID to VLAN10 and VLAN20. a. Select Switching > VLAN > Advanced > Port PVID 4093) field, enter 10. d. Click Apply to save the settings. e. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 93
M4300-96X Fully Managed Switches Set Up VLAN Routing for the VLANs and the Switch The example is shown as CLI commands and as a local browser interface procedure. CLI: Set Up VLAN Routing for the VLANs and the Switch 1. The following code sequence shows how to enable routing for the VLANs: (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 94
Series and M4300-96X Fully Managed Switches Local Browser Interface: Set Up VLAN Routing for the VLANs and the Switch 1. Select Routing > VLAN > VLAN Routing. A screen similar to the following displays. 2. Enter the 6. Click Add to save the settings. VLAN Routing 94 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 95
6 RIP Routing Information Protocol This chapter includes the following sections: • Routing Information Protocol Concepts • Enable Routing for the Switch • Enable Routing for Ports • Enable RIP on the Switch • Enable RIP for Ports 1/0/2 and 1/0/3 • Configure VLAN Routing with RIP Support 95 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 96
M4300 Series and M4300-96X Fully Managed Switches additional 120 seconds. There are two versions of RIP (the switch supports both): • RIPv1 defined in RFC 1058. - Routes are received. • Prevent any RIP packets from being sent. Layer 3 switch acting as a router Port 1/0/2 192.150.2.2 Port 1/0/5 192. - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 97
Series and M4300-96X Fully Managed Switches Enable Routing for the Switch The example is shown as CLI commands and as a local browser interface procedure. CLI: Enable Routing for the Switch (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Local Browser - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 98
and M4300-96X Fully Managed Switches Enable Routing for Ports The example is shown as CLI commands and as a local browser interface procedure. CLI: Enable Routing and Assigning IP Addresses for Ports 1/0/2 and 1/0/3 (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 99
M4300 Series and M4300-96X Fully Managed Switches • In the IP Address field, enter 192.150.2.1. • In field at the top. c. Enter the following information: In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 192.150.3.1. • In the Subnet Mask field, enter 255 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 100
and M4300-96X Fully Managed Switches Enable RIP on the Switch Note: Unless you have previously disabled RIP, you can skip this step since RIP is enabled by default. CLI: Enable RIP on the Switch This sequence enables RIP for the switch. The route preference defaults to 15. (Netgear Switch) #config - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 101
Series and M4300-96X Fully Managed Switches Enable RIP for Ports 1/0/2 and 1/0/3 The example is shown as CLI commands and as a local browser interface procedure. CLI: Enable RIP for Ports 1/0/2 and 1/0/3 This - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 102
Series and M4300-96X Fully Managed Switches 3. Enter the following information: • For RIP Admin Mode, select the Enable radio button. • In the Send Version field, select RIP-2. 4. Click Apply to save the settings. Configure VLAN Routing with RIP Support Routing Information Protocol (RIP) is one - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 103
and M4300-96X Fully Managed Switches CLI: Configure VLAN Routing with RIP Support 1. Configure VLAN routing with RIP support on the switch. (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#vlan 20 (Netgear Switch) (Vlan)#vlan routing 10 (Netgear Switch) (Vlan - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 104
and M4300-96X Fully Managed Switches 4. Enable RIP for the VLAN router ports. Authentication defaults to none, and no default route entry is created. (Netgear Switch) (Config)#interface vlan 10 (Netgear Switch) (Interface vlan 10)#ip rip (Netgear Switch) (Interface vlan 10)#exit (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 105
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 20. • In the IP radio button. c. Click Apply to save the setting. 4. Enable RIP on VLANs 10 and 20. RIP 105 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 106
Series and M4300-96X Fully Managed Switches a. Select Routing > RIP > Advanced > RIP Configuration. A screen similar to the following displays. b. Click the VLANS on the top For RIP Mode, select the Enable radio button. e. Click Apply to save the settings. RIP 106 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 107
7 OSPF Open Shortest Path First This chapter includes the following sections: • Open Shortest Path First Concepts • Inter-area Router • OSPF on a Border Router • Stub Areas • NSSA Areas • VLAN Routing OSPF • OSPFv3 107 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 108
M4300-96X Fully Managed Switches not a broadcast, address. • Hierarchical management, allowing the network to be subdivided. which it provides connectivity. The switch operating as a router and you how to configure the switch first as an inter-area used to configure the switch as the inter-area - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 109
Series and M4300-96X Fully Managed Switches Layer 3 switch acting as an inter-area router Port 1/0/2 192.150.2.1 Port 1/0/3 192.150.3.1 Border Router Border Router Area 2 Area 3 Figure 15. Network segment with an inter- - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 110
M4300 Series and M4300-96X Fully Managed Switches 3. Specify the router ID, and enable OSPF for the switch. Set disable1583 compatibility to prevent a routing loop. (Netgear Switch) #config (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config router)#enable (Netgear Switch) (Config router - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 111
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure an Inter-area Router 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to 1/0/2 appears in the Interface field at the top. OSPF 111 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 112
Series and M4300-96X Fully Managed Switches c. Enter the following information: • In the IP Address field, enter 192.150.2.1. to save the settings. 4. Specify the router ID, and enable OSPF for the switch. a. Select Routing > OSPF > Advanced > OSPF Configuration. OSPF 112 Software Administration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 113
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under OSPF Configuration, enter the following information: • In Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. OSPF 113 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 114
Series and M4300-96X Fully Managed Switches b. Scroll down and select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. • In the OSPF , enter 255. • In the Metric Cost field, enter 64. c. Click Apply to save the settings. OSPF 114 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 115
M4300 Series and M4300-96X Fully Managed Switches OSPF on a Border Router The example is shown as CLI commands and as a local browser interface procedure. For an OSPF sample network, see Figure 15 on page 109. CLI: Configure OSPF on a Border Router 1. Enable routing for the switch. (Netgear Switch) - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 116
and M4300-96X Fully Managed Switches 4. Enable OSPF for the ports, and set the OSPF priority and cost for the ports. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#ip ospf (Netgear Switch) (Interface 1/0/2)#ip ospf areaid 0.0.0.2 (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 117
Series and M4300-96X Fully Managed Switches b. For Routing Mode, select the Enable radio button. c. Click Apply the top. c. Enter the following information: • In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 192.150.2.2. • In the Network Mask field, enter - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 118
and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top. c. Enter the following information: • In the IP Address Configuration Method field, select Manual. • In - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 119
Series and M4300-96X Fully Managed Switches c. Enter the following information: • In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 192.64.4.1. • In the Network Mask field, enter 255.255.255.0. • In the Admin Mode field, select Enable. d. Click - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 120
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Interface Configuration, scroll down and select the interface 1/0/2 check box. OSPF Area ID field, enter 0.0.0.3. • In the OSPF Admin Mode field, select Enable. OSPF 120 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 121
M4300 Series and M4300-96X Fully Managed Switches • In the Priority field, enter 255. • In the Metric Cost field, and as a local browser interface procedure. Port 2/0/11 Layer 3 switch Port 2/0/19 Port 1/0/15 Layer 3 switch Area 0 Figure 16. Area 1 is a stub area OSPF Area 1 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 122
Series and M4300-96X Fully Managed Switches CLI: Configure Area 1 as a Stub Area on A1 1. Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing 2. Set the router ID to 1.1.1.1. (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config-router)#router-id - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 123
M4300 Series and M4300-96X Fully Managed Switches (Netgear Switch) (Config)#ex (Netgear Switch) #show ip ospf neighbor interface all Router ID IP Address Neighbor Interface State 4.4.4.4 192.168.10.2 2/0/11 Full 2.2.2.2 192.168.20.2 2/0/19 Full (Netgear Switch Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 124
and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 2/0/11 check box. Now 2/0/11 appears in the Interface field at the top. c. Enter the following information: • In the IP Address Configuration Method field, select Manual. • In - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 125
Series and M4300-96X Fully Managed Switches c. Enter the following information: • In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 192.168.20.1. • In the Network Mask field, enter 255.255.255.0. • In the Admin Mode field, select Enable. d. - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 126
M4300 Series and M4300-96X Fully Managed Switches Now 2/0/11 appears in the Interface field at the top. • In the OSPF Area ID field, enter 0.0.0.0. • . 7. Configure area 0.0.0.1 as a stub area. a. Select Routing > OSPF > Advanced > Stub Area Configuration. OSPF 126 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 127
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Enter the following information: • In the Area ID field, enter 0.0.0.1. • In the Import Summary LSAs field, select Disable. c. Click - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 128
Series and M4300-96X Fully Managed Switches 4. Enable OSPF area 0.0.0.1 on the 1/0/15. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 1/0/15 (Netgear Switch) (Interface 1/0/15)#routing (Netgear Switch) (Interface 1/0/15)#ip address - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 129
Series and M4300-96X Fully Managed Switches 2. Assign IP address 192.168.10.1 to port 1/0/15. a. Select at the top. c. Enter the following information: • In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 192.168.20.2. • In the Network Mask field, enter - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 130
Series and M4300-96X Fully Managed Switches c. Click Apply to save the settings. 4. Enable OSPF on port 1/0/15. a. Select Routing > OSPF > Advanced > Interface Configuration. . b. In the Area ID field, enter 0.0.0.1. c. Click Add to save the settings. OSPF 130 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 131
Managed Switches NSSA Areas Port 2/0/11 Layer 3 switch Port 2/0/19 Port 1/0/15 Layer 3 Switch Area 0 Area 1 Figure 17. NSSA area The example is shown as CLI commands and as a local browser interface procedure. CLI: Configure Area 1 as an NSSA Area 1. Enable routing on the switch. (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 132
M4300-96X Fully Managed Switches 4. Enable area 0.0.0.1 on port 2/0/19. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 2/0/11 (Netgear Switch) (Interface 2/0/11)#routing (Netgear Switch) (Interface 2/0/11)#ip address 192.168.10.1 255.255.255.0 (Netgear Switch Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 133
M4300 Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure Area 1 as an NSSA Area on A1 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen In the IP Address field, enter 192.168.10.1. OSPF 133 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 134
Series and M4300-96X Fully Managed Switches • In the Network Mask field, enter 255.255.255.0. • In the Admin Mode field, Apply to save the settings. 4. Specify the router ID, and enable OSPF for the switch. a. Select Routing > OSPF > Basic > OSPF Configuration. OSPF 134 Software Administration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 135
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under OSPF Configuration, in the Router ID field, enter 2.2.2.2. c. . 6. Enable OSPF on port 2/0/19. a. Select Routing > OSPF > Advanced > Interface Configuration. OSPF 135 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 136
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 2/0/19 check box. 2/0/19 now 0.0.0.1. • In the Import Summary LSA's field, select Disable. c. Click Add to save the settings. OSPF 136 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 137
Series and M4300-96X Fully Managed Switches CLI: Configure Area 1 as an NSSA Area on A2 1. Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#router ospf 2. Set the router ID to 2.2.2.2. (Netgear Switch) (Config-router)#router-id - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 138
M4300-96X Fully Managed Switches 5. Enable OSPF area 0.0.0.1 on port 1/0/15. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 1/0/11 (Netgear Switch) (Interface 1/0/11)#routing (Netgear Switch) (Interface 1/0/11)#ip address 192.168.30.1 255.255.255.0 (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 139
M4300 Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure Area 1 as an NSSA Area on A2 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP information: • In the IP Address Configuration Method field, select Manual. OSPF 139 Software Administration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 140
M4300 Series and M4300-96X Fully Managed Switches • In the IP Address field, enter 192.168.30.1. • field at the top. c. Enter the following information: • In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 192.168.20.2. • In the Network Mask field, enter - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 141
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under OSPF Configuration, in the Router ID field, enter 2.2.2.2. c. Enable OSPF on port 1/0/15. a. Select Routing > OSPF > Advanced > Interface Configuration. OSPF 141 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 142
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/15 check box. Now Redistribute the RIP routes into the OSPF area. a. Select Routing > OSPF > Advanced > Route Redistribution. OSPF 142 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 143
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the RIP check box. Now RIP appears in the Source communicates with border routers in each of the areas to which it provides connectivity. OSPF 143 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 144
Series and M4300-96X Fully Managed Switches The switch operating as a router and running OSPF will determine the best route using the assigned cost and the type of the OSPF route. The order for - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 145
Series and M4300-96X Fully Managed Switches 2. Specify the router ID and enable OSPF for the switch. (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config router)#router-id 192.150.9.9 (Netgear Switch) (Config router)#enable (Netgear Switch) (Config router)#exit 3. Enable OSPF for the VLAN - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 146
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 10. • In the port 3 until T displays. The T specifies that the egress packet is tagged for the port. OSPF 146 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 147
Series and M4300-96X Fully Managed Switches d. Click Apply to save the VLAN that includes port 3. 3. Enable OSPF on the switch. a. Select Routing > OSPF > Basic > OSPF Configuration. A screen similar to the enter 128. • In the Metric Cost field, enter 32. OSPF 147 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 148
M4300 Series and M4300-96X Fully Managed Switches e. Click Apply to save the settings. 5. Enable OSPF on VLAN 20. a. which eventually allow its use for both IPv4 and IPv6. Point-to-point links are also supported in order to enable operation over tunnels. It is possible to enable OSPF and OSPFv3 at - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 149
and M4300-96X Fully Managed Switches Switch A1 Switch A2 Area 0 Figure 18. OSPFv3 Protocol for IPv6 CLI: Configure OSPFv3 1. On A1, enable IPv6 unicast routing on the switch. (Netgear Switch) (Config)#ipv6 unicast-routing 2. Enable OSPFv3, and assign 1.1.1.1 to router ID. (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 150
and M4300-96X Fully Managed Switches 5. On A2, enable IPv6 unicast routing on the switch. (Netgear Switch) (Config)#ipv6 unicast-routing 6. Enable OSPFv3, and assign 2.2.2.2 as the router ID. (Netgear Switch) (Config)#ipv6 router ospf (Netgear Switch) (Config-rtr)#enable (Netgear Switch) (Config - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 151
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure OSPFv3 1. Enable IPv6 unicast routing on the switch. a. Select Routing > IPv6 > Basic > IPv6 Global Configuration Select Routing > IPv6 > Advanced > IP Interface Configuration. OSPF 151 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 152
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/1 check box. Now 1/0/1 appears in In the Onlink Flag field, select Disable. • In the Autonomous Flag field, select Disable. OSPF 152 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 153
M4300 Series and M4300-96X Fully Managed Switches d. Click Add to save the settings. 5. Enable OSPFv3 on port 1/0/1. a. Select Routing following displays. To use the local browser interface to configure OSPF on switch A2, repeat this process for switch A2. OSPF 153 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 154
8 PBR Policy-based routing This chapter includes the following sections: • Policy-Based Routing Concepts • Route-Map Statements • PBR Processing Logic • PBR Configurations • PBR Example 154 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 155
Series and M4300-96X Fully Managed Switches Policy-Based Routing Concepts Normally, switches make forwarding switch are then subject to the local PBR. However, this feature is not supported. Starting with Software Version 10.2, the NETGEAR switch supports PBR 155 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 156
Managed Switches To classify L3 routed traffic, the switch supports the following packet entities: • The size of the packet • Protocol of the payload (Protocol ID field in IP header) • Source MAC address • Source IP address • Destination IP address • Priority (802.1P priority) NETGEAR's policy - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 157
M4300 Series and M4300-96X Fully Managed Switches The route map with a deny statement uses the following logic: • The incoming packet is matched against the criteria to the action in the set clause. • Route (alone). Route using the default routing table. PBR 157 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 158
M4300-96X Fully Managed Switches the VLAN ID as the match condition. PBR supports the preconfiguration of the route map on routing interfaces a higher-bandwidth, high-cost (price of link) link while the addresses must be routed through ISP2, the switch that is connected with different groups must be - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 159
M4300 Series and M4300-96X Fully Managed Switches IPS1 20.1.1.2 Group 1 Company network Group 2 1/0/1 1/0/2 1/0/3 20.1.1.1 M4300 switch 20.2.1.1 1/0/4 20.2.1.2 IPS2 Internet Figure 19. PBR topology 1. Create an IP ACL 1 to match 10.1.0.0/16. (Netgear Switch) (Config) #access-list 1 permit 10 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 160
and M4300-96X Fully Managed Switches 5. Create VLAN 30 and put interface 1/0/1 and 1/0/2 into it. (Netgear Switch) #vlan database (Netgear Switch) (Vlan) #vlan 30 (Netgear Switch) (Vlan) #vlan routing 30 (Netgear Switch) (Vlan) #exit (Netgear Switch) (Config) #interface 1/0/1-1/0/2 (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 161
9 ARP Proxy Address Resolution Protocol This chapter includes the following sections: • Proxy ARP Concepts • Proxy ARP Examples 161 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 162
Series and M4300-96X Fully Managed Switches Proxy ARP Concepts Proxy ARP allows a router of the commands used in the proxy ARP feature. CLI: show ip interface (Netgear Switch) #show ip interface ? brief Enter an interface in slot/port 1500 ARP 162 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 163
Series and M4300-96X Fully Managed Switches CLI: ip proxy-arp (Netgear Switch) (Interface 0/24)#ip proxy-arp ? Press Enter to execute the command. (Netgear Switch) (Interface 0/24)#ip proxy-arp Local Enable. 4. Click Apply to save the settings. ARP 163 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 164
10 VRRP Virtual Router Redundancy Protocol This chapter includes the following sections: • Virtual Router Redundancy Protocol Concepts • VRRP on a Master Router • VRRP on a Backup Router 164 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 165
M4300 Series and M4300-96X Fully Managed Switches 3 switch acting as router 2 Port 1/0/4 VLAN 192.150.4.1 Virtual router ID 20 Virtual addr. 192.150.2.1 Layer 2 Switch Figure Also, more than one port on the switch can be configured as a virtual router. Either a physical port - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 166
and M4300-96X Fully Managed Switches VRRP on a Master Router This example shows how to configure the switch to support VRRP. Router 1 is the default master router for the virtual route, and Router 2 is the backup router. CLI: Configure VRRP on a Master Router 1. Enable routing for the switch. IP - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 167
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure VRRP on a Master Router 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A 1/0/2. a. Select Routing > VRRP > Advanced > VRRP Configuration. VRRP 167 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 168
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Global Configuration, next to the Admin Mode, select Enable radio button. c. Enter the following information in the VRRP - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 169
Series and M4300-96X Fully Managed Switches 4. Assign virtual router IDs to port that will participate in the protocol. (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface a. Select Routing > IP > Advanced > IP Interface Configuration. VRRP 169 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 170
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/4 check box. Now 1/0/4 appears in the 192.150.2.1. • In the Status list, select Active. d. Click Add to save the settings. VRRP 170 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 171
• Set Up an IP ACL with Two Rules • One-Way Access Using a TCP Flag in an ACL • Use ACLs to Configure Isolated VLANs on a Layer 3 Switch • Set up a MAC ACL with Two Rules • Configure ACL Mirroring • Configure ACL Redirection • Add ACL Remarks • Change the Sequence of an ACL Rule • Configure - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 172
Series and M4300-96X Fully Managed Switches Access Control List Concepts Access control lists (ACLs) can control the traffic entering a network. Normally ACLs reside in a firewall router or in a router connecting two - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 173
M4300 Series and M4300-96X Fully Managed Switches IP ACLs IP ACLs classify for Layer 3. Each ACL is a set of up is the same. TCP and UDP packets will be accepted by the switch only if the source and destination stations have IP addresses within the defined sets. ACLs 173 Software Administration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 174
M4300-96X Fully Managed Switches Layer 3 switch TCP packet to 192.178.88.3 rejected. Dest. IP not in range. Layer 2 switch configuring ACL support on a 7000 Series Managed Switch. Create commands: (Netgear Switch) #config (Netgear Switch) (Config (Netgear Switch) (Config)#access-list - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 175
M4300-96X Fully Managed Switches 3. Apply the rule to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted. (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#ip access-group 101 in (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 176
Series and M4300-96X Fully Managed Switches c. Click Add to create a new rule. 3. Create a new ACL rule and add it to ACL 101. a. After you click the Add button : • In the Rule ID (1 to 23) field, enter 22. • For Action, select the Permit radio button. ACLs 176 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 177
Series and M4300-96X Fully Managed Switches • In the Protocol Type list, select UDP. • In the Source IP Address field, enter 192.168.77.0. • In the Source IP the gray box under port 2. A check mark displays in the box. e. Click Apply to save the settings. ACLs 177 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 178
M4300 Series and M4300-96X Fully Managed Switches One-Way Access Using a TCP Flag in only FTP server 2. Port 0/13 192.168.100.2 Port 1/0/24 192.168.40.2 FTP server 1 Switch A Port 1/0/48 Port 0/44 FTP server 2 Switch B Port 0/35 Port 1/0/25 PC 1 192.168.30.2 192.168.50.2 PC 2 Figure 22. - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 179
and M4300-96X Fully Managed Switches CLI: Configure One-Way Access Using a TCP Flag in an ACL This is a two-step process: • Step 1: Configure the VLAN and IP addresses on Switch A on page 179 • Step 2: Configure on Switch B on page 181 Step 1: Configure the VLAN and IP addresses on Switch A (See - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 180
and M4300-96X Fully Managed Switches 3. Create VLAN 200 with port 0/44 and assign IP address 192.168.200.1/24. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#vlan routing 200 (Netgear Switch) (Vlan)#exit (Netgear Switch) #configure (Netgear Switch) (Config - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 181
and M4300-96X Fully Managed Switches Step 2: Configure on Switch B (See Figure 22, One-Way Web access using a TCP flag in an ACL on page 178.) 1. Create VLAN 40 with port 1/0/24 and assign IP address 192.168.40.1/24. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 40 (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 182
M4300 Series and M4300-96X Fully Managed Switches 3. Create VLAN 200 with port 1/0/48 and assign IP address 192.168.200.1/24. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#vlan routing 200 (Netgear Switch) (Config)#interface 1/0/48 (Netgear Switch) ( - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 183
Series and M4300-96X Fully Managed Switches b. In the VLAN Routing Wizard, enter the following information: • In the Vlan ID field, enter 30. • In the IP Address VLAN 200 with IP address 192.168.200.1/24. a. Select Routing > VLAN > VLAN Routing Wizard. ACLs 183 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 184
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 200. • In Apply to enable IP routing. 5. Add a static route with IP address 192.168.40.0/24: ACLs 184 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 185
Series and M4300-96X Fully Managed Switches a. Select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays. b. Under Configure Routes, make field, enter 192.168.200.2. c. Click Add. 7. Create an ACL with ID 101. ACLs 185 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 186
Series and M4300-96X Fully Managed Switches a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. b. In the IP ACL Table, in rule that is associated with ACL 101. a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 186 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 187
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID list, select 101. c. Click Add. rule that is associated with ACL 102. a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 187 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 188
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID list, select 102. c. Click Add. 11. Apply ACL 101 to port 44. a. Select Security > ACL > Advanced > IP Binding Configuration. ACLs 188 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 189
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Binding Configuration, specify the following: • In the ACL ID list, select 101. • 44. A check mark displays in the box. e. Click Apply to save the settings. ACLs 189 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 190
M4300 Series and M4300-96X Fully Managed Switches Configuring the Switch B 1. Create VLAN 40 with IP address 192.168.40.1/24. a. Select Routing > VLAN > VLAN Routing Wizard. A screen , enter 192.168.50.1. • In the Network Mask field, enter 255.255.255.0. ACLs 190 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 191
Series and M4300-96X Fully Managed Switches c. Click Unit 1. The ports display. d. Click the gray box under port 25 twice until U displays. The U a. Select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays. ACLs 191 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 192
Series and M4300-96X Fully Managed Switches b. Under Configure Routes, make the following selections and enter the following information: • Select Static in the Route Type field. 255.0. • In the Next Hop IP Address field, enter 192.168.200.1. c. Click Add. ACLs 192 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 193
M4300 Series and M4300-96X Fully Managed Switches Use ACLs to Configure Isolated VLANs on a Layer 3 Switch This example shows how to isolate VLANs on a Layer 3 switch by . Server Port 11/0/38 10.100.5.34 10.100.5.252 Layer 3 switch Port 1/0/24 192.148.24.1 Port 1/0/48 192.148.48.1 PC1 PC2 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 194
M4300 Series and M4300-96X Fully Managed Switches CLI: Configure One-Way Access Using a TCP Flag in ACL Commands 1. Enter the following CLI commands. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 24 (Netgear Switch) (Vlan)#vlan routing 24 (Netgear Switch) (Vlan)#exit (Netgear Switch) - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 195
and M4300-96X Fully Managed Switches 3. Create VLAN 38, add port 1/0/38 to it, and assign IP address 10.100.5.34 to it. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 38 (Netgear Switch) (Vlan)#vlan routing (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 196
M4300-96X Fully Managed Switches 9. Deny all traffic with the destination IP address 192.168.48.0/24, and permit all other traffic. (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#ip access-group 102 in 1 (Netgear Switch .48.1. ACLs 196 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 197
Series and M4300-96X Fully Managed Switches a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following information: • In The ports display. d. Click the gray box under port 38 twice until U displays. ACLs 197 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 198
M4300 Series and M4300-96X Fully Managed Switches The U specifies that the egress packet is untagged for the port. e. Click Apply to save VLAN 38. 4. Enable IP routing: a. Select . b. In the IP ACL Table, in the IP ACL ID field, enter 101. c. Click Add. ACLs 198 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 199
M4300 Series and M4300-96X Fully Managed Switches 6. Create an ACL with ID 102. a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays that is associated with ACL 101: a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 199 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 200
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID field, select 101. c. Click Add. rule that is associated with ACL 102. a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 200 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 201
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID field, select 102. c. Click Add. that is associated with ACL 103: a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 201 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 202
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID field, select 103. c. Click Add. 11. Apply ACL 102 to port 24: a. Select Security > ACL > Advanced > IP Binding Configuration. ACLs 202 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 203
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Binding Configuration, make the following selection and enter the following . d. Click the gray box under port 48. A check mark displays in the box. ACLs 203 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 204
Series and M4300-96X Fully Managed Switches e. Click Apply to save the settings. 13. Apply ACL 103 to port ACL with Two Rules 1. Create a new MAC ACL acl_bpdu. (Netgear Switch) # (Netgear Switch) #config (Netgear Switch) (Config)#mac access-list extended acl_bpdu ACLs 204 Software Administration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 205
M4300 Series and M4300-96X Fully Managed Switches 2. Deny all the traffic that has destination MAC 01:80:c2:xx:xx:xx. (Netgear Switch) (Config-mac-access-list)#deny any 01:80:c2:00:00:00 00:00:00:ff:ff:ff 3. Permit all the other traffic. (Netgear Switch) (Config-mac-access-list)#permit any (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 206
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. a. In the ACL Name field, select acl_bpdu. b. In the Action field, select Deny. in the Rule Table. • In the ID field, enter 2. • In the Action field, select Permit. ACLs 206 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 207
Series and M4300-96X Fully Managed Switches c. Click the Add button. 4. Apply the ACL acl_bpdu to port 2. a. Select Security > ACL > MAC ACL > MAC Binding Configuration. A Any traffic matching this rule will be copied to the specified mirrored interface. ACLs 207 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 208
M4300 Series and M4300-96X Fully Managed Switches Other network 1/0/1 L2 switch Switch 1/0/19 Probing station Packets from 10.0.0.1 1/0/1. 1. Create an IP access control list with the name monitorHost. (Netgear Switch) (Config)# ip access-list monitorHost 2. Define the rules to match host 10 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 209
M4300 Series and M4300-96X Fully Managed Switches 3. Bind the ACL with interface 1/0/1. (Netgear Switch) (Interface 1/0/1)#ip access-group monitorHost in 1 4. View the configuration. (Netgear Switch) # show ip Number: 2 Action permit Match All TRUE ACLs 209 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 210
M4300 Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure ACL Mirroring 1. Create an IP access control list with the name monitorHost on the switch. a. Select Security > ACL > Advanced Security > ACL > Advanced > IP Extended Rules. ACLs 210 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 211
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click Add. A screen similar to the following displays. c. In the a rule to match all other traffic. a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 211 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 212
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click Add. A screen similar to the following displays. c. In the Rule ID Match Every field, select True. f. Click Apply. A screen similar to the following displays. ACLs 212 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 213
Series and M4300-96X Fully Managed Switches 4. Bind the ACL with interface 1/0/1. a. Select Security > ACL > Advanced > IP Binding a specified traffic stream to a specified interface. Other network 1/0/1 Switch 1/0/19 Workstation Workstation Figure 25. ACL Redirect ACLs Web server 213 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 214
Series and M4300-96X Fully Managed Switches CLI: Redirect a Traffic Stream 1/0/19. 1. Create an IP access control list with the name redirectHTTP. (Netgear Switch) (Config)#ip access-list redirectHTTP 2. Define a rule to match the HTTP stream All TRUE ACLs 214 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 215
Series and M4300-96X Fully Managed Switches Local Browser Interface: Redirect a Traffic Stream This example redirects the HTTP traffic stream received in port 1/0/1 a rule to redirect HTTP traffic. a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 215 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 216
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click Add. A screen similar to the following displays. c. In the Rule ID rule to match all other traffic. a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 216 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 217
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click Add. A screen similar to the following displays. c. In Bind the ACL with interface 1/0/1. a. Select Security > ACL > Advanced > IP Binding Configuration. ACLs 217 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 218
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Sequence Number field, enter 1. c. In the Port Selection Table, click Unit 1 to display all the ports. d. Select - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 219
Series and M4300-96X Fully Managed Switches 3. Check the configuration using the show running-config command. (Netgear Switch) #show running-config ip access-list acl_voice remark "permit VOIP packets whose DSCP is EF" permit ip any any dscp ef remark "deny all of - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 220
Series and M4300-96X Fully Managed Switches 2. Verify that the sequence numbers are assigned by the switch. The first sequence number is 10, the second sequence number is 20, and so on. (Netgear Switch) ( Sequence Number: 1200 Action deny Match All TRUE ACLs 220 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 221
M4300 Series and M4300-96X Fully Managed Switches 4. Insert a new ACL rule at a particular position. For example, insert a new ACL rule with sequence number 900 at the first position. The new rule drops all packets that arrive from IP address 192.168.1.1. (Netgear Switch) #config (Netgear Switch) ( - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 222
and M4300-96X Fully Managed Switches The following examples show how to configure a management ACL. Example 1: Permit Any Host to Access the Switch Through Telnet or HTTP: Permit any host to access the managed VLAN IP address of 169.254.100.100 through a Telnet or HTTP connection: (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 223
M4300 Series and M4300-96X Fully Managed Switches • DSCP value • Flow label Note that the order of the rules is important: When a packet matches multiple rules, the network 2001:DB8:C0AB:AC13::/64. • Rule-3. Permits IPv6 HTTP traffic to any destination. ACLs 223 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 224
Series and M4300-96X Fully Managed Switches CLI: Configure an IPv6 ACL 1. Create the access control list with the name ipv6-acl. (Netgear Switch) (Config)# ipv6 access-list ipv6-acl 2. Define three rules to: • Permit any IPv6 traffic to the destination network 2001:DB8:C0AB:AC14::/64 from the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 225
M4300-96X Fully Managed Switches 4. View the configuration. (Netgear Switch) #show ipv6 access-lists Current number of all ACLs: 1 Maximum number of all ACLs: 100 IPv6 ACL Name Rules ipv6-acl 3 Direction --------inbound Interface(s 1/0/1 VLAN(s (Netgear Switch Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 226
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure an IPv6 ACL 1. Create the access control list with the name ipv6-acl. a. Select displays. 2. Define the first rule (1 of 3). a. Select Security > ACL > Advanced > IPv6 Rules. ACLs 226 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 227
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the ACL Name list, select ipv6-acl. c. Click Add. A screen field, enter 64. j. Click Apply. 3. Add Rule 2. a. Select Security > ACL > Advanced > IPv6 Rules. ACLs 227 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 228
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the ACL Name list, select ipv6-acl. c. Click Add. A screen list, select telnet. l. Click Apply. 4. Add Rule 3. a. Select Security > ACL > Advanced > IPv6 Rules. ACLs 228 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 229
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the ACL Name list, select ipv6-acl. c. Click Add. A screen list, select ipv6-acl. c. In the Sequence Number list, select 1. d. Click Unit 1. e. Select Port 1. ACLs 229 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 230
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. f. Click the Apply button. 6. View the binding table. Select Security > ACL > Advanced > Binding Table. A screen similar to the following displays. ACLs 230 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 231
shaping features. The chapter includes the following sections: • CoS Queuing Concepts • Show the Trust Mode for a Class of Service • Set the Trust Mode for a Class of Service • Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode • Set the CoS Trust Mode for an Interface • Configure - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 232
M4300-96X Fully Managed Switches CoS Queuing Concepts Each port has one or more queues for packet transmission. During configuration, you can determine the mapping and configuration of these queues. Based on the service priority on a per-port basis. CoS Queuing 232 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 233
M4300-96X Fully Managed Switches precedence basis allows you to create the service characteristics that you want for different types bandwidth per-queue shaping • Queue management type, tail drop vs. WRED Drop management type, tail Drop vs. WRED Only if per-queue configuration is not supported - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 234
M4300 Series and M4300-96X Fully Managed Switches Show the Trust Mode for a Class of Service The example is shown as CLI commands and as a local browser interface procedure. CLI: Show the Trust Mode for a Class of Service To use the CLI to show CoS trust mode, use these commands: (Netgear Switch) # - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 235
Series and M4300-96X Fully Managed Switches Set the Trust Mode for a Class of Service The example is shown as CLI commands and as a local browser interface procedure. CLI: Set the Trust Mode for a Class of Service (Netgear Switch) (Config)#classofservice? dot1p-mapping Configure dot1p priority - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 236
M4300 Series and M4300-96X Fully Managed Switches Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode The example is shown as CLI commands and as a local browser interface procedure. CLI: Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode (Netgear Switch Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 237
M4300 Series and M4300-96X Fully Managed Switches b. In the Queue ID list, select 0. c. Under Interface Queue Configuration, scroll down and select the interface 1/0/2 In the Scheduler Type list, select Strict. e. Click Apply to save the settings. CoS Queuing 237 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 238
M4300-96X Fully Managed Switches Set the CoS Trust Mode for an Interface The example is shown as CLI commands and as a local browser interface procedure. CLI: Set the CoS Trust Mode for an Interface (Netgear Switch) (Interface 1/0/3)#classofservice trust? dot1p Sets the Class of Service Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 239
Series and M4300-96X Fully Managed Switches Configure Traffic Shaping Traffic 5. (Netgear Switch) (Config)#traffic-shape 70? Press Enter to execute the command. (Netgear Switch) (Config)#traffic-shape 70 (Netgear Switch) (Config top. CoS Queuing 239 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 240
M4300 Series and M4300-96X Fully Managed Switches c. In the Interface Shaping Rate (0 to 100) field, enter 70. d. Click Apply to save the settings. CoS Queuing 240 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 241
13 DiffServ Differentiated Services This chapter includes the following sections: • Differentiated Services Concepts • DiffServ • DiffServ for VoIP • Auto VoIP • DiffServ for IPv6 • Color Conform Policy • WRED Explicit Congestion Notification 241 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 242
M4300-96X Fully Managed Switches Differentiated Services Concepts Differentiated services (DiffServ) is one technique for implementing Quality of Service (QoS) policies. Using DiffServ in your network allows you to directly configure the relevant parameters on the switches Managed Switch supports - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 243
differentiated services The example is shown as CLI commands and as a local browser interface procedure. CLI: Configure DiffServ 1. Ensure that the DiffServ operation is enabled for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#diffserv DiffServ 243 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 244
Series and M4300-96X Fully Managed Switches 2. Create a DiffServ class of type all for each of the departments, and name them. Define the match criteria of source IP address for the new classes. (Netgear Switch) (Config)#class-map match-all finance_dept (Netgear Switch) (Config class-map)#match - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 245
Series and M4300-96X Fully Managed Switches 4. Attach the defined policy to interfaces 1/0/1 through 1/0/4 in the inbound direction. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#service-policy in internet_access (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 246
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure DiffServ 1. Enable Diffserv. a. Select QoS > DiffServ > Basic > DiffServ Configuration. A create a new class finance_dept. d. Click the finance_dept to configure this class. DiffServ 246 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 247
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Under Diffserv Class Configuration, enter the following information: • to create a new class marketing_dept. d. Click marketing_dept to configure this class. DiffServ 247 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 248
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Under Diffserv Class Configuration, enter the following information: • In Click Add to create a new class test_dept. d. Click test_dept to configure this class. DiffServ 248 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 249
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Under Diffserv Class Configuration, enter the following information: create a new class development_dept. d. Click development_dept to configure this class. DiffServ 249 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 250
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Under Diffserv Class Configuration, enter the following information into the policy internet_access. a. Select QoS > DiffServ > Advanced > Policy Configuration. DiffServ 250 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 251
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. DiffServ 251 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 252
Series and M4300-96X Fully Managed Switches b. Under Policy Configuration, scroll down and select the internet_access check box. Now internet_access Apply. 11. Assign queue 2 to marketing_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. DiffServ 252 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 253
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click the internet_access check box for marketing_dept. A screen . Assign queue 3 to test_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. DiffServ 253 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 254
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click the internet_access check mark for test_dept. A screen 13. Assign queue 4 to development_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. DiffServ 254 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 255
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click the internet_access check mark interfaces 1/0/1 through 1/0/4 in the inbound direction. a. Select QoS > DiffServ > Advanced > Service Configuration. DiffServ 255 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 256
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the check boxes for interfaces 1/0/1, 1/0/2, for interface 1/0/5. a. Select QoS > CoS > Advanced > Interface Queue Configuration. DiffServ 256 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 257
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Interface Queue Configuration, scroll down and select 4 configuration for interface 1/0/5. a. Select QoS > CoS > Advanced > Interface Queue Configuration. DiffServ 257 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 258
Series and M4300-96X Fully Managed Switches A screen similar to the following of DiffServ is to support Voice over IP (VoIP). VoIP traffic is inherently time sensitive: For a network to provide acceptable service, a guaranteed transmission rate 2. DiffServ 258 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 259
Series and M4300-96X Fully Managed Switches Port 1/0/2 Port 1/0/3 Layer 3 switch operating as Router 1 Internet Layer 3 switch operating as Router 2 Activate DiffServ for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#cos-queue strict 5 (Netgear Switch) (Config)#diffserv 2. - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 260
and M4300-96X Fully Managed Switches 3. Create a second DiffServ classifier named class_ef and define a single match criterion to detect a DiffServ code point (DSCP) of EF (expedited forwarding). This handles incoming traffic that was previously marked as expedited somewhere in the network. (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 261
Series and M4300-96X Fully Managed Switches Local Browser Interface: Diffserv for VoIP 1. Set queue 5 on all interfaces to use strict mode. a. Select settings. 3. Create a class class_voip. a. Select QoS > DiffServ > Advanced > DiffServ Configuration. DiffServ 261 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 262
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Class Name field, enter class_voip. c. In the Class a new class. 4. Create a class class_ef: a. Select QoS > DiffServ > Advanced > DiffServ Configuration. DiffServ 262 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 263
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Class Name field, enter class_ef. c. In the pol_voip. and add class_voip to this policy. a. Select QoS > DiffServ > Advanced > Policy Configuration. DiffServ 263 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 264
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Policy Selector field, enter pol_voip. c. In the Member 6. Add class_ef to the policy pol_voip. a. Select QoS > DiffServ > Advanced > Policy Configuration. DiffServ 264 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 265
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Policy Configuration, Attach the defined policy to interface 1/0/2 in the inbound direction. a. Select QoS > DiffServ > Advanced > Service Configuration. DiffServ 265 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 266
M4300-96X Fully Managed Switches a switch. From software release 10.0.0 on, the switch supports both service (CoS) to data and signaling VoIP streams than to other traffic. The supported switch takes the following actions: • If you enable remarking, the switch to let the switch carry the remarked - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 267
M4300-96X Fully Managed Switches switch is preconfigured with a default list of OUIs. You can also add OUIs that need prioritization. The switch can support up to 128 OUIs, including the default OUIs. By default, the switch traffic. The switch assigns all VoIP The switch assigns - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 268
Series and M4300-96X Fully Managed Switches PBX Switch VoIP phone VoIP phone VoIP phone Computer Auto VoIP on a specific port of the switch. (Netgear Switch)(Configure)#interface 2/0/1 (Netgear Switch)(Interface 2/0/1)#auto-voip protocol-based DiffServ 268 Software Administration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 269
Series and M4300-96X Fully Managed Switches 2. Display the Auto VoIP information. (Netgear Switch) #show auto-voip protocol-based interface 2/0/1 VoIP VLAN Id 2 Prioritization Type traffic-class the protocol-based Auto VoIP to egress queue 4. DiffServ 269 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 270
M4300 Series and M4300-96X Fully Managed Switches 1. Change the egress queue of protocol-based Auto VoIP. (Netgear Switch) (Config)#auto-voip protocol-based traffic-class 4 2. Display the Auto VoIP information. (Netgear Switch first to use auto VoIP. DiffServ 270 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 271
M4300-96X Fully Managed Switches 1. Create VLAN 5. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 5 (Netgear Switch) (Vlan)#exit 2. Assign the VoIP traffic to VLAN 5, which becomes the VoIP VLAN. (Netgear Switch -based Auto VoIP information. (Netgear Switch) #show auto-voip oui- - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 272
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the VLAN ID field, enter 5. c. Click Add. 2. Assign the VoIP traffic to VLAN 5. a. Select Switching > Auto-VoIP > Protocol-based > Port Settings. A screen similar to the following displays. b. From the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 273
M4300 Series and M4300-96X Fully Managed Switches DiffServ for IPv6 This feature extends the existing QoS ACL and DiffServ functionality by providing support for IPv6 packet classification. Internet Interface 1/0/1 Switch Interface 1/0/3 IPv6 Workstation Interface 1/0/2 IPv6 Workstation IPv6 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 274
Series and M4300-96X Fully Managed Switches 3. Create the policy policyicmpv6. (Netgear Switch) (Config)# policy-map policyicmpv6 in 4. Associate the previously created class classicmpv6. (Netgear Switch) (Config-policy-map)# class classicmpv6 5. Set the attribute as assign queue 6. (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 275
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. d. Click Add to create the IPv6 class. A screen similar to > IPv6 Class Configuration. A screen similar to the following displays. b. Click the class classicmpv6. DiffServ 275 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 276
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. c. Select the Protocol Type radio button, select Other, and enter 58. A screen similar to the following displays. DiffServ 276 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 277
Series and M4300-96X Fully Managed Switches d. Click the Apply button. 3. Create the policy policyicmpv6, and associate the previously created class classicmpv6. a. Select QoS Type list, select In. d. In the Member Class list, select classicmpv6. DiffServ 277 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 278
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Click Add. 4. Set the attribute as assign queue 6. a. Select QoS > following displays. b. Click the policy policyicmpv6. c. In the Assign Queue list, select 6. DiffServ 278 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 279
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. d. Click Apply. 5. Attach the policy policyicmpv6 to interfaces 1/0/1, 1/0/2, and 1/0/3. a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays. b. In - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 280
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. d. Click Apply. A screen similar to the following displays. Color Conform Policy The example is shown as CLI commands and as a local browser interface procedure. DiffServ 280 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 281
M4300 Series and M4300-96X Fully Managed Switches CLI: Configure a Color Conform Policy 1. Create a VLAN 5 and configure ports 1/0/13 and 1/0/25 as its members. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 5 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) ( - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 282
M4300-96X Fully Managed Switches 4. Apply this policy to port 1/0/13. (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#service-policy in policy_vlan (Netgear Switch) (Interface 1/0/13)#exit (Netgear Switch 1/0/25 to VLAN 5. a. Select Switching > VLAN > Advanced > VLAN - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 283
Series and M4300-96X Fully Managed Switches d. Click the gray boxes under ports 13 and 25 until T displays. The T specifies that the egress packet is class_vlan. A screen similar to the following displays. d. Click class_vlan to configure this class. DiffServ 283 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 284
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Under Diffserv Class Configuration, in the VLAN field, enter 5. f. Click Apply. similar to the following displays. d. Click class_color to configure this class. DiffServ 284 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 285
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Under Diffserv Class Configuration, in the Precedence Value list, select with class_vlan. a. Select QoS > DiffServ > Advanced > Policy Configuration. DiffServ 285 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 286
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the policy_vlan check box. radio button. i. For Violate Action, select the Drop radio button. j. Click Apply. DiffServ 286 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 287
M4300-96X Fully Managed Switches 8. Apply policy_vlan to interface 1/0/13. a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays. b. Under Service • 11. Congestion Encountered, CE TCP also supports ECN through two flags in the TCP header: - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 288
Series and M4300-96X Fully Managed Switches Weighted random early discard (WRED, also referred to as weighted random early detection) considers packets for early discard only when the number of packets that - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 289
Series and M4300-96X Fully Managed Switches 3. Apply the policy on port 1/0/25. (Netgear Switch) (Config)#interface 1/0/25 (Netgear Switch) (Interface 1/0/25)#service-policy in p1 4. Let the packets with dot1p priority 3 be placed in queue 3. (Netgear Switch) (Config)#classofservice dot1p-mapping - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 290
Protocol features This chapter includes the following sections: • Internet Group Management Protocol Concepts • IGMP Snooping • Show igmpsnooping • Show mac-address-table igmpsnooping • External Multicast Router • Multicast Router Using VLAN • IGMP Querier Concepts • Enable IGMP Querier • Show - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 291
Series and M4300-96X Fully Managed Switches Internet Group Management Protocol Concepts NETGEAR implements Internet Group Management Protocol (IGMP) in the following way: • IGMP uses version 1, version 2, or version 3. • IGMP includes snooping. • By default, IGMP snooping is enabled on VLAN 1. IGMP - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 292
Series and M4300-96X Fully Managed Switches Local Browser Interface: Enable IGMP Snooping Configure IGMP snooping: 1. Select Switching > Multicast > as a local browser interface procedure. CLI: Show igmpsnooping (Netgear Switch) #show igmpsnooping Admin Mode Disable Multicast Control Frame Count - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 293
Series and M4300-96X Fully Managed Switches Local Browser Interface: Show igmpsnooping Select Switching > Multicast address-table igmpsnooping (Netgear Switch) #show mac-address-table igmpsnooping ? Press Enter to execute the command. (Netgear Switch) #show mac-address Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 294
M4300 Series and M4300-96X Fully Managed Switches CLI for IGMPv3: show igmpsnooping ssm entries (Netgear Switch interface procedure. CLI: Configure the Switch with an External Multicast Router This switch are forwarded to the multicast router that is reachable from this interface. (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 295
M4300-96X Fully Managed Switches Local Browser Interface: Configure the Switch with an External Multicast Router 1. Select Switching local browser interface procedure. CLI: Configure the Switch with a Multicast Router Using VLAN This example (Netgear Switch)(Interface 1/0/3)# set igmp mrouter - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 296
M4300-96X Fully Managed Switches Local Browser Interface: Configure the Switch with a Multicast Router Using VLAN 1. Select Switching IGMP Querier Concepts When the switch is used in network applications where video services such as IPTV, video the switch, such an external device is - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 297
M4300 Series and M4300-96X Fully Managed Switches Figure 32. IGMP querier Since the IGMP querier is designed to work with IGMP snooping, it is necessary to enable IGMP snooping when using it. The following figure shows a network application for video streaming service Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 298
M4300 Series and M4300-96X Fully Managed Switches (Netgear switch) #vlan database (Netgear switch) (vlan)#set igmp 1 (Netgear switch) (vlan)#set igmp querier 1 (Netgear switch) (vlan)#exit (Netgear switch) #config (Netgear switch) (config)#set igmp querier (Netgear switch) (config)#set igmp querier - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 299
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the Switching > Multicast > IGMP Snooping Querier VLAN Configuration. A screen similar to the following displays. b. In the VLAN ID field, enter 1. 5. Click Add. IGMP Snooping and Querier 299 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 300
M4300 Series and M4300-96X Fully Managed Switches Show IGMP Querier Status The example is shown as CLI commands and as a local browser interface procedure. CLI: Show IGMP Querier Status To see the IGMP querier status, use the following command. (Netgear Switch Status 1. Select Switching > Multicast > - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 301
15 MVR Multicast VLAN registration This chapter includes the following sections: • Multicast VLAN Registration • Configure MVR in Compatible Mode • Configure MVR in Dynamic Mode 301 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 302
M4300 Series and M4300-96X Fully Managed Switches Multicast VLAN Registration The IGMP Layer 3 protocol is widely used for IPv4 network multicasting. In Layer 2 networks, the IGMP protocol uses resources inefficiently. For example, a Layer 2 switch multicast traffic to all ports even if there are - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 303
M4300 Series and M4300-96X Fully Managed Switches Multicast source IGMP switch SP (VLAN999) SP (VLAN 999) MVR switch RP (VLAN 1001) Multicast client RP (VLAN 1003) RP (VLAN 1002 configured to transmit all required multicast streams to the MVR switch. MVR 303 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 304
M4300-96X Fully Managed Switches CLI: Configure MVR in Compatible Mode 1. Create MVLAN, VLAN1, VLAN2, and VLAN3. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 999,1001, 1002, 1003 (Netgear Switch) (Vlan)#vlan name 999 mVlan (Netgear Switch) (Vlan)#vlan name 1001 Vlan1 (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 305
Series and M4300-96X Fully Managed Switches (Netgear Switch) (Config)#interface 0/1 (Netgear Switch) (Interface 0/1)#vlan participation include 1001 (Netgear Switch) (Interface 0/1)#vlan pvid 1001 (Netgear Switch) (Interface 0/1)#vlan participation exclude 1 (Netgear Switch) (Interface 0/1)#mvr - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 306
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure MVR in Compatible Mode 1. Create MVLAN 999, VLAN1 1001, VLAN2 1002 and VLAN3 1003. a. Select Switching > VLAN > Basic > VLAN the ports. e. Click Apply to save the settings. MVR 306 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 307
M4300-96X Fully Managed Switches f. Repeat steps b through e to add port 0/1 to VLAN1 1001, port 0/5 to VLAN2 1002, and port 0/7 to VLAN3 1003. 3. Enable MVR and multicast VLAN a. Select Switching .1.2.3 to MVR. a. Select Switching > MVR > Basic > MVR Switching > MVR > - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 308
Series and M4300-96X Fully Managed Switches A screen similar to the to save the settings. 6. Configure source interface. a. Select Switching > MVR > Basic > MVR Interface Configuration. A screen Membership. a. Select Switching > MVR > Advanced > MVR Membership. MVR 308 Software Administration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 309
(Netgear Switch) (Vlan)#vlan 999,1001, 1002, 1003 (Netgear Switch) (Vlan)#vlan name 999 mVlan (Netgear Switch) (Vlan)#vlan name 1001 Vlan1 (Netgear Switch) (Vlan)#vlan name 1002 Vlan2 (Netgear Switch) (Vlan)#vlan name 1003 Vlan3 (Netgear Switch) (Vlan)#exit MVR 309 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 310
Series and M4300-96X Fully Managed Switches 2. Enable MVR, configure VLAN 999 as a multicast VLAN, and add group 224.1.2.3 to MVR. (Netgear Switch) #config (Netgear Switch) (Config)#mvr (Netgear Switch) (Config)#mvr vlan 999 (Netgear Switch) (Config)#mvr group 224.1.2.3 3. Configure MVR in dynamic - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 311
Series and M4300-96X Fully Managed Switches (Netgear Switch) (Config)#interface 0/1 (Netgear Switch) (Interface 0/1)#vlan participation include 1001 (Netgear Switch) (Interface 0/1)#vlan pvid 1001 (Netgear Switch) (Interface 0/1)#vlan participation exclude 1 (Netgear Switch) (Interface 0/5)#mvr - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 312
M4300-96X Fully Managed Switches 7. After port 0/1 receives an IGMP report for multicast group 224.1.2.3, it is added to the MVR group 224.1.2.3. (Netgear Switch Add port 9 into MVLAN 999 with tagged mode. f. Select Switching > VLAN > Advanced > VLAN Membership. MVR 312 Software Administration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 313
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. g. In the VLAN ID list, select 999. h. Click Unit 1. The ports display. i. MVR mode list, select dynamic. e. Click Apply. 3. Add multicast group 224.1.2.3 to the MVR. MVR 313 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 314
Series and M4300-96X Fully Managed Switches a. Select Switching > MVR > Basic > MVR Group Configuration. A screen similar to the following displays. b. In the MVR Group IP field, enter 224.1.2.3. c. Click Add. 4. Configure a receiver on interface 0/1, 0/5 and 0/7. a. Select Switching > MVR > Basic - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 315
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under MVR Interface report for multicast group 224.1.2.3, it is added into MVR group 224.1.2.3. a. Select Switching > MVR > Advanced > MVR Group Membership. A screen similar to the following displays - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 316
Maximum Rate of DHCP Messages • IP Source Guard • Command Authorization • Privileged Exec Command Mode Authorization • Accounting • Use the Authentication Manager to Set Up an Authentication Method List • RADIUS Change of Authorization • IPv6 Stateless RA Guard • Changing the SSH/Telnet Login Method - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 317
Series and M4300-96X Fully Managed Switches Port Security Concepts Port security helps to secure the network by port. Static MAC addresses are not eligible for aging. • Static locking. You can manually specify a list of static MAC addresses for a port. Dynamically locked addresses can be converted - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 318
M4300-96X Fully Managed Switches Set the Dynamic and Static Limit on Port 1/0/1 The example is shown as CLI commands and as a local browser interface procedure. CLI: Set the Dynamic and Static Limit on Port 1/0/1 (Netgear Switch) (Config)#port-security Enable port-security globally (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 319
Series and M4300-96X Fully Managed Switches 2. Set the dynamic and static limit on the port 1/0/1: a. Select Security > Traffic Control > Port Security > Max Allowed Statically Locked MAC field, enter 3. d. Click Apply to save the settings. Security Management 319 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 320
M4300 Series and M4300-96X Fully Managed Switches Convert the Dynamic Address Learned from 1/0/1 to a Static Address The example is shown as CLI commands and as a local browser interface procedure. CLI: Convert the Dynamic Address Learned from 1/0/1 to the Static Address (Netgear Switch)(Interface - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 321
and M4300-96X Fully Managed Switches Create a Static Address The example is shown as CLI commands and as a local browser interface procedure. CLI: Create a Static Address (Netgear Switch) ( , no traffic is forwarded between PC 1 and PC 2. Security Management 321 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 322
and M4300-96X Fully Managed Switches Internet Layer 2 switch 192.168.1.252 10.100.5.34 192.168.1.252 PC 1 PC 2 192.168.1. Figure 34. Protected ports 192.168.1. CLI: Configure a Protected Port to Isolate Ports on the Switch 1. Create one VLAN 192 including PC 1 and PC 2. (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 323
M4300-96X Fully Managed Switches 2. Create one VLAN 202 connected to the Internet. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 202 (Netgear Switch) (Vlan)#vlan routing 202 (Netgear Switch) (Vlan)#exit (Netgear Switch) #configure (Netgear Switch) (Config)#interface 1/0/48 (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 324
M4300-96X Fully Managed Switches Local Browser Interface: Configure a Protected Port to Isolate Ports on the Switch 1. Create a DHCP pool: Note: This example assumes that the DHCP service is enabled. For information about how to enable the DHCP service Management 324 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 325
Series and M4300-96X Fully Managed Switches 2. Configure a VLAN and include ports 1/0/23 and 1/0/24 in the VLAN: a. Select Routing > VLAN > VLAN Routing . • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display: Security Management 325 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 326
Series and M4300-96X Fully Managed Switches d. Click the gray box under port 48 twice until U displays. The U specifies that the egress packet port 23 and port 24 as protected ports: a. Select Security > Traffic Control > Protected Port. Security Management 326 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 327
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Protected Ports Configuration, configured on a per-port basis. RADIUS server Layer 2 switch PC 1 PC 2 Figure 35. Using 802.1x port security Security Management 327 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 328
10.100.5.17 Enter secret (16 characters max):123456 Re-enter secret:123456 5. Set the RADIUS server as a primary server. (Netgear Switch) (Config)#radius server msgauth 10.100.5.17 (Netgear Switch) (Config)# radius server primary 10.100.5.17 Security Management 328 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 329
Series and M4300-96X Fully Managed Switches 6. Configure an accounting server. (Netgear Switch) (Config)#radius accounting mode (Netgear Switch) (Config)#radius server host acct 10.100.5.17 7. Configure the shared secret between the accounting server and the client. (Netgear Switch) (Config)#radius - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 330
Series and M4300-96X Fully Managed Switches Now 1/0/1 appears in the Interface field at the top. Click Apply to save the settings. 4. Create an authentication name list. a. Select Security > Management Security > Login > Authentication List. A screen similar to the following displays. b. Select - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 331
Series and M4300-96X Fully Managed Switches 5. Set port Apply to save the settings. 6. Enable dot1x on the switch. a. Select Security > Port Authentication > Server Configuration. authentication server. a. Select Security > Management Security > Server Configuration. A screen similar to - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 332
M4300 Series and M4300-96X Fully Managed Switches Click Add. 8. Enable accounting. a. Select Security > Management Security > RADIUS > Radius Configuration. A screen similar to Configure the accounting server. a. Select Security > Management Security > RADIUS > Radius Accounting Server Configuration. - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 333
M4300-96X Fully Managed Switches Create a Guest VLAN The guest VLAN feature allows a switch to provide a distinguished service 24 1/0/6 1/0/12 Switch Figure 36. Guest VLAN If a port is in port-based mode, and a client that does not support 802.1X is Management 333 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 334
Series and M4300-96X Fully Managed Switches CLI: Create a Guest VLAN 1. Enter the following commands: (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) (Vlan)#exit (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 335
Series and M4300-96X Fully Managed Switches 4. Enable the guest VLAN on ports 1/0/1 and 1/0/24. (Netgear Switch) #show dot1x detail 2000. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the following displays. Security Management 335 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 336
Series and M4300-96X Fully Managed Switches b. In the VLAN ID field, enter 2000. c. In the VLAN Type field, select Static. d. Click Add. 2. Add ports to VLAN 2000. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to the following displays. b. In the VLAN ID list, select - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 337
M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Administrative Mode, select the Enable radio button. c. Click Apply to save settings. 5. Configure the dot1x authentication list. a. Select Security > Management a. Select Security > Management Security > Radius > - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 338
Series and M4300-96X Fully Managed Switches e. Click Add. 7. Configure the guest VLAN. a. Select Security > Port Authentication > Advanced > Port Private-Group-ID = VLANID where VLANID is 12 bits, with a value between 1 and 4094. Security Management 338 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 339
)#vlan 2000 (Netgear Switch) #exit 2. Enable dot1x authentication on the switch (Netgear Switch) (Config)#dot1x system-auth-control 3. Use the RADIUS as the authenticator. (Netgear Switch) (Config)#aaa authentication dot1x default radius Security Management 339 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 340
Series and M4300-96X Fully Managed Switches 4. Enable the switch to accept VLAN assignment by the RADIUS server. (Netgear Switch) (Config)#authorization network radius 5. Set the RADIUS server IP address. (Netgear Switch) (Config)#radius server host auth 192.168.0.1 6. Set the NAS-IP address for - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 341
Series and M4300-96X Fully Managed Switches 8. Show the dot1x detail for 1/0/5. (Netgear Switch) #show dot1x detail 1/0/5 Port 1/0/5 Protocol Version 1 PAE Unauthenticated VLAN ID 0 Session Timeout 0 Session Termination Action Default Security Management 341 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 342
M4300-96X Fully Managed Switches Local Browser Interface: Assign VLANs Using RADIUS 1. Assign the IP address for the web management interface. a. Select System > Management Security > Port Authentication > Advanced > Port Authentication. Security Management 342 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 343
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Port Authentication, scroll down and select the 1/0/6 and 1/0/12 check boxes. c. In the Control Mode list, select Force Authorized. d. Click Apply to save settings. 4. Enable dot1x on the switch. - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 344
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Select the defaultList check box. c. In the 1 list, select RADIUS. d. Click Add. 6. Configure the RADIUS authentication server. a. Select Security > Management Security > Radius > Server Configuration. A - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 345
M4300 Series and M4300-96X Fully Managed Switches ). When DAI is enabled, the switch drops ARP packet if the sender snooping cannot be run, or other switches in the network do not run dynamic :11:85:EE:54:E9 Interface 1/0/1 Interface 1/0/2 Switch Interface 1/0/3 DHCP server IP address: 192.168.10 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 346
M4300-96X Fully Managed Switches CLI: Configure Dynamic ARP Inspection 1. Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping 2. Enable DHCP snooping in a VLAN. (Netgear Switch , see Static Mapping on page 350. Security Management 346 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 347
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure Dynamic ARP Inspection 1. Enable DHCP snooping globally. a. Select Security > Control VLAN ID field, enter 1. c. In the DHCP Snooping Mode field, select Enable. Security Management 347 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 348
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. 3. Configure the port through which the DHCP server the DHCP Snooping Binding table. a. Select Security > Control > DHCP Snooping Binding Configuration. Security Management 348 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 349
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. 5. Enable ARP Inspection in VLAN 1. a. Select Security > Control > Dynamic ARP for ARP inspection. If there are trusted ports, you can configure them as Security Management 349 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 350
Series and M4300-96X Fully Managed Switches trusted in the next step. ARP packets received on the trusted browser interface procedure. CLI: Configure Static Mapping 1. Create an ARP ACL. (Netgear Switch) (Config)# arp access-list ArpFilter Security Management 350 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 351
M4300-96X Fully Managed Switches 2. Configure the rule to allow the static client. (Netgear Switch) (Config-arp-access-list)# permit ip host 192.168.10.2 mac host 00:11:85:ee:54:e9 3. Configure ARP ACL used for VLAN 1. (Netgear Switch Add. Security Management 351 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 352
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. 3. Configure the ARP ACL used for VLAN 1. a. Select Security > Control > to be trusted or untrusted. DHCP servers must be reached through trusted ports. Security Management 352 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 353
Series and M4300-96X Fully Managed Switches Interface 1/0/1 Switch Interface 1/0/1 DHCP server Figure 39. DHCP Snooping DHCP client The example is shown as CLI commands and as a local browser interface procedure. CLI: Configure DHCP Snooping 1. Enable DHCP snooping globally. (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 354
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure DHCP Snooping 1. Enable DHCP snooping globally: a. Select Security > Configuration. A screen similar to the following displays. b. In the VLAN ID list, select 1. Security Management 354 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 355
M4300 Series and M4300-96X Fully Managed Switches c. For DHCP Snooping Mode, select the Enable radio button. A screen similar to the Select Security > Control > DHCP Snooping Binding Configuration. A screen similar to the following displays. Security Management 355 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 356
M4300 Series and M4300-96X Fully Managed Switches Find a Rogue DHCP Server If you enable DHCP snooping, you can find a rogue DHCP server in the network. CLI: Find a Rogue DHCP server 1. Check the statistics on the untrusted ports. (NETGEAR Security Management 356 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 357
Series and M4300-96X Fully Managed Switches 2. Control the logging DHCP messages filtration by the DHCP Snooping application for port 1/0/27. (Netgear Switch) (Interface 1/0/27)#ip dhcp the DHCP Server Msgs Rec'd column increase for any port. Security Management 357 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 358
M4300 Series and M4300-96X Fully Managed Switches c. The previous figure shows that the messages increased for port 1/0/27, indicating that the port is connected to a rogue DHCP server is 10.100.5.253 and the MAC address is 00:26:F2:F6:B3:6C. Security Management 358 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 359
Series and M4300-96X Fully Managed Switches Enter Static Binding into the Binding Database You can also enter the static binding into the binding database. CLI: Enter Static Binding into the Binding Database 1. Enter the DHCP snooping static binding. (Netgear Switch) (Config)# ip dhcp snooping - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 360
M4300 Series and M4300-96X Fully Managed Switches 3. Check to make sure that the Netgear Switch) #show ip dhcp snooping interfaces 1/0/2 Interface ---------- Trust State Rate Limit (pps) Burst Interval (seconds) 1/0/2 No 5 1 Security Management 360 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 361
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure the Maximum Rate of DHCP Messages 1. Guard uses the DHCP snooping bindings database. When IP Source Guard is enabled, the switch drops incoming packets that do not match a binding in the bindings database. IP Source - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 362
a local browser interface procedure. CLI: Configure Dynamic ARP Inspection 1. Enable DHCP snooping globally. (Netgear Switch) (Config)# ip dhcp snooping 2. Enable DHCP snooping in a VLAN. (Netgear Switch) (Config)# ip dhcp snooping vlan 1 Security Management 362 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 363
Series and M4300-96X Fully Managed Switches 3. Configure the port through which the DHCP server is reached as trusted. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ip dhcp snooping trust 4. View the DHCP Snooping Binding table. (Netgear Switch) #show ip dhcp - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 364
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure Dynamic ARP Inspection 1. Enable DHCP snooping globally. a. Select Security > Snooping Mode field, select Enable. A screen similar to the following displays. Security Management 364 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 365
Series and M4300-96X Fully Managed Switches d. Click Apply. A screen similar to the following displays. 3. Configure the port through View the DHCP Snooping Binding table. Select Security > Control > DHCP Snooping Binding Configuration. Security Management 365 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 366
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. 5. Enable IP source guard in the interface 1/0/2. a. Select Security > , enter 192.168.10.80. f. Click Add. A screen similar to the following displays. Security Management 366 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 367
Series and M4300-96X Fully Managed Switches Command Authorization Authorization determines if a user is authorized to perform certain activities such as entering specific EXEC commands. TACACS+ servers support command authorization. The RADIUS protocol does not support command authorization but - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 368
M4300 Series and M4300-96X Fully Managed Switches 2. Verify that TACACS authentication is set up for Telnet users. (Netgear Switch)#show authentication methods Login Authentication Method Lists defaultList : local networkList : tacacs Enable Authentication Method Lists enableList : - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 369
Series and M4300-96X Fully Managed Switches 6. Verify that command and privileged EXEC authorization are set up for Telnet. (Netgear Switch)#show authorization "12345678" accounting syslog; accounting file = /var/log/tac_plus/tac_plus.acct Security Management 369 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 370
M4300 Series and M4300-96X Fully Managed Switches 8. Using Linux on the TACACS server, allow a user named eric to access specific commands in the file tac_plus.conf. user = eric { # member = network_user { default service = deny login = des qbVVseTcbtzS2 service = exec { priv-lvl = 15 } cmd = show { - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 371
Series and M4300-96X Fully Managed Switches 2. Change the authentication mode for Telnet users to RADIUS. (Netgear Switch)(Config)#aaa authentication login networkList radius 3. Verify that RADIUS authentication is set up for Telnet users. (Netgear Switch) #show authentication methods Login - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 372
M4300 Series and M4300-96X Fully Managed Switches 6. Verify that command authorization is set up for Telnet. (Netgear Switch eric Cleartext-Password := "testing" Service-Type = Login-User, netgear-cmdAuth-deny = "deny:poe *;spanningtree *;" Security Management 372 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 373
M4300-96X Fully Managed Switches Privileged support authorization, the privilege level attribute must be returned with the authentication response. If the service- TACACS. (Netgear Switch)(Config)#aaa authentication login "networkList" tacacs Security Management 373 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 374
M4300 Series and M4300-96X Fully Managed Switches 2. Verify that TACACS authentication is set up for Telnet users. (Netgear Switch) #show authentication methods Login Authentication Method Lists defaultList : local networkList : tacacs Enable Authentication Method Lists enableList - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 375
M4300 Series and M4300-96X Fully Managed Switches 5. Verify that EXEC authorization is set up for Telnet. (Netgear Switch = eric { # member = network_user { default service = permit login = des qbVVseTcbtzS2 service = exec { priv-lvl = 15 } Security Management 375 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 376
Series and M4300-96X Fully Managed Switches CLI Example 2: Configure EXEC Authorization by a RADIUS Server The authorization list and configure RADIUS as the authorization. (Netgear Switch)(Config)# aaa authorization exec execList radius Security Management 376 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 377
M4300 Series and M4300-96X Fully Managed Switches 5. Configure EXEC authorization for Telnet. (Netgear Switch) (Config)#line telnet (Netgear Switch) (Config-telnet)# authorization exec execList (Netgear Switch) (Config-telnet)#exit 6. Verify that EXEC authorization is set up for Telnet. (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 378
M4300 Series and M4300-96X Fully Managed Switches Accounting The accounting process records what a user does or has done on the switch. You can configure a TACACS+ accounting server or RADIUS accounting server to account for the following actions: • Account for services that were used, such as in a - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 379
M4300 Series and M4300-96X Fully Managed Switches Configure Telnet EXEC Accounting by RADIUS Server RADIUS accounting supports EXEC mode but does not support command mode. (Netgear Switch)(Config)#radius server host acct 10.100.5.13 (Netgear Switch Management 379 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 380
Series and M4300-96X Fully Managed Switches Use the Authentication Manager to Set Up an Authentication Method List The authentication manager lets you configure an authentication method be reauthenticated through the higher-priority method. Security Management 380 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 381
Series and M4300-96X Fully Managed Switches Configure a Dot1x-MAB Authentication Method List with Dot1x-MAB Priority Note: This section describes how Figure 41. Dot1x, MAB, and captive portal authentication method list with default priority Security Management 381 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 382
Series and M4300-96X Fully Managed Switches The CLI command to enable authentication is as follows. (Netgear Switch)#configure (Netgear Switch)(Config)#authentication enable Configure a authentication method, see Chapter 36, Captive Portals. Security Management 382 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 383
of the timer, the authentication manager restarts the authentication process for the first method in the list. The CLI command to enable authentication is as follows. (Netgear Switch)#configure (Netgear Switch)(Config)#authentication enable Security Management 383 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 384
M4300 Series and M4300-96X Fully Managed Switches manage the user session from the DAC by generating a DM or CoA message. A NETGEAR switch can detect these messages on UDP port number 3799. When a NETGEAR switch with an Error-Cause attribute as Unsupported Service. • If the DAS does not perform - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 385
and M4300-96X Fully Managed Switches The switch functions as the Dynamic Authorization Server (DAS). (Netgear Switch) #config (Netgear Switch) (Config)#interface vlan 1 (Netgear Switch) (Interface vlan 1)#ip address 172.26.2.145 /24 2. Configure the RADIUS server. (Netgear Switch) #config (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 386
over a short period that you can configure manually. The switch then allows RA messages that are received only on the ports on which valid RA messages were received during the listening period. Note: On a managed switch, the IPv6 RA Guard feature supports only the stateless mode. To configure the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 387
Series and M4300-96X Fully Managed Switches 2. Display the configuration of the IPv6 RA Guard feature on port 1/0/1. (Netgear Switch) #show as the authentication method. (Netgear Switch) (Config)#aaa authentication login networkList radius Security Management 387 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 388
M4300 Series and M4300-96X Fully Managed Switches 2. Check if the networkList method changes from local to radius. (Netgear Switch) #show authentication Security > Access > SSH > SSH Configuration. A screen similar to the following displays. Security Management 388 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 389
Series and M4300-96X Fully Managed Switches b. Check if the Login Authentication List field is networkList. c. Check the same on Security > Access > Telnet > Telnet Configuration. 2. Change the networkList authentication method to Radius. a. Select Security > Management Security > Authentication - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 390
17 MAB: MAC Authentication Bypass This chapter includes the following sections: • MAC Authentication Bypass Concepts • Configure MAC Authentication Bypass on a Switch • Configure a Network Policy Server on a Microsoft Windows Server 2008 R2 or Later Server • Configure an Active Directory on a - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 391
M4300-96X Fully Managed Switches packet to the supplicant and the switch starts a timer that is based when the timer expires, the switch treats the client as an 802 address in its database. The switch can place the 802.1X- guest VLAN period times out, the switch places the client in the guest VLAN - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 392
Series and M4300-96X Fully Managed Switches 1. Traffic from an unknown client The switch learns the Figure 44. MAB operation Switch RADIUS server The following figure shows a switch that has MAB configured Port 1/0/10 Switch IP address 10.1.10.50 Figure 45. MAB topology with a switch, IP phone - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 393
Series and M4300-96X Fully Managed Switches Configure MAC Authentication Bypass on a Switch This section provides an example of how to configure MAC Authentication Bypass (MAB) on a switch. The example is shown as CLI commands and as a local browser interface procedure. CLI: Configure the Switch to - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 394
M4300 Series and M4300-96X Fully Managed Switches 5. Configure MAB on the port that connects to the IP phone (port 1/0/10 in this example). (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/10 (Netgear Switch) (Interface 1/0/10)#dot1x port-control mac-based (Netgear Switch) (Interface - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 395
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Select the dot1xList check box. c. From the 1 menu, select Radius. d. Click Apply. 3. Configure the switch the Server Type menu, select Standard. c. Click Add. MAB 395 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 396
M4300 Series and M4300-96X Fully Managed Switches 4. Configure the port that connects to the Microsoft network policy server (in this example, port 1/0/1) to be force-authorized From the Control Mode menu, select MAC Based. • From the MAB menu, select Enable. MAB 396 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 397
M4300-96X Fully Managed Switches problems might require that you reinstall your Microsoft operating system. Modify the registry at your own risk. To reenable EAP-MD5 support in Microsoft Windows Vista, add the following registry entries: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 398
M4300-96X Fully Managed Switches Value type: REG_DWORD Value data: 00000001 2. If your Windows server 2008 R2 does not have service pack 1 installed, download and install Microsoft hot fix KB981190 from the following Microsoft website: http://support between the switch and the server must match - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 399
Series and M4300-96X Fully Managed Switches b. Double-click Secured Wired (Ethernet) Connections. The Secure Wired (Ethernet) Connections Properties pop-up screen displays cleared. e. Click the Apply button. f. Click the Conditions tab. The screen adjusts. MAB 399 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 400
M4300 Series and M4300-96X Fully Managed Switches g. Configure the NAS Port Type field as Ethernet. h. Click the Apply button. i. Click the Settings tab. The screen adjusts. MAB 400 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 401
Series and M4300-96X Fully Managed Switches j. Select the Override Network policy authentication settings check box. k. the network policies for the network policy server: a. Click Network Policy and Access Services > NPS > Policies > Network Policies. b. Double-click Secured Wired (Ethernet) - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 402
Series and M4300-96X Fully Managed Switches c. Select the Policy enabled check box. d. Select the Grant access radio button. e. From the Type of network access radio button cleared. f. Click the Apply button. g. Click the Conditions tab. The screen adjusts. MAB 402 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 403
M4300 Series and M4300-96X Fully Managed Switches h. Configure the NAS Port Type field as Ethernet. i. Click the Apply button. j. Click the Constraints tab. The screen adjusts. MAB 403 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 404
Series and M4300-96X Fully Managed Switches k. Under the EAP Types field, click the Add button. l. From the menu, select MD5-Challenge. m. Click the OK field, select MD5-Challenge. o. Click the Apply button. p. Click the Settings tab. The screen adjusts. MAB 404 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 405
Series and M4300-96X Fully Managed Switches q. Select all four encryption check boxes, including the No encryption check box. r. Click the Apply button. Password. Any temporary password. 2. Right-click the new user account name and select Properties. MAB 405 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 406
M4300 Series and M4300-96X Fully Managed Switches 3. Select the Password never expires check box. 4. Select the Store password using reversible encryption check box. 5. Click the Apply for which you want to allow a connection, and use uppercase letters only. MAB 406 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 407
Series and M4300-96X Fully Managed Switches Reduce the MAB Authentication Time to 10 seconds using the CLI: (Netgear Switch) #config (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#dot1x timeout guest-vlan-period 4. Click Apply. MAB 407 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 408
18 SNTP: Simple Network Time Protocol This chapter includes the following sections: • Simple Network Time Protocol Concepts • Show SNTP (CLI Only) • Configure SNTP • Set the Time Zone (CLI Only) • Set the Named SNTP Server 408 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 409
M4300-96X Fully Managed Switches supports SNTP client implemented over UDP, which listens on port 123. Show SNTP (CLI Only) The following are examples of the commands used in the SNTP feature. show sntp (Netgear Switch sntp client (Netgear Switch) #show sntp client Client Supported Modes: SNTP - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 410
Series and M4300-96X Fully Managed Switches show sntp server (Netgear Switch) #show sntp server Server IP Address: Server Type: Server Stratum: Server Reference Id: Server Mode: Server Maximum Entries . In that case, use the ping command on the PC to find SNTP 410 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 411
M4300 Series and M4300-96X Fully Managed Switches the server's IP address. The following example configures the SNTP server IP address to 208.14.208.19. (Netgear Switch) (Config)#sntp server 208.14.208.19 2. Unicast Requests: 2 Failed Unicast Requests: 0 SNTP 411 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 412
and M4300-96X Fully Managed Switches Local Browser Interface: Configure SNTP 1. Configure the SNTP server. a. Select System > Management 4. c. Click Add. 2. Configure SNTP globally. a. Select System > Management > Time > SNTP Global Configuration. A screen similar to the following displays. - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 413
Series and M4300-96X Fully Managed Switches b. Enter the following information: • For Client Mode, select the Unicast radio button. • In the Time Zone Name field, enter PST. • In the Offset Hours field, - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 414
Series and M4300-96X Fully Managed Switches Local Browser Interface: Set the Named SNTP Server 1. Configure the SNTP server. a. Select System > Management > Time > SNTP Server Configuration. A screen similar to the following displays. b. Enter the following information: • In the Server Type list - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 415
M4300 Series and M4300-96X Fully Managed Switches b. Enter the following information: • For DNS Status, select the Enable radio button. • In the DNS Server field, enter 192.168.1.1. c. Click Add. SNTP 415 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 416
19 Tools: Tools to manage, monitor, and personalize the switch and network This chapter includes the following sections: • Traceroute • Configuration Scripting • Pre-Login Banner • Port Mirroring • Remote SPAN • Dual Image • Outbound Telnet • Error Disablement and - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 417
Series and M4300-96X Fully Managed Switches Traceroute This section describes the takes 16 hops to reach its destination. CLI: Traceroute (Netgear Switch) #traceroute? Enter IP address. (Netgear Switch) #traceroute 216.109.118.74 ? Press Enter 417 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 418
M4300-96X Fully Managed Switches Local Browser Interface: Traceroute 1. Select Maintenance > Troubleshooting > Traceroute. A screen similar to the following displays. Use this screen to specify that the switch configuration scripts. • Can be applied to several switches. • Can save up to 10 scripts - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 419
M4300 Series and M4300-96X Fully Managed Switches Netgear Switch) #script ? apply delete list show validate Applies configuration script to the switch. Deletes a configuration script file from the switch Command (Netgear Switch) #script 1020706 bytes free. (Netgear Switch) #script delete basic. - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 420
M4300 Series and M4300-96X Fully Managed Switches script apply running-config.scr Command (Netgear Switch) #script apply running-config.scr Are you sure you want to apply the to start? (y/n) y File transfer operation completed successfully. Tools 420 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 421
and M4300-96X Fully Managed Switches law. 2. Transfer the file from the PC to the switch using TFTP. (Netgear Switch) #copy tftp://192.168.77.52/banner.txt nvram Banner file transfer operation completed successfully! (Netgear Switch) #exit (Netgear Switch) >logout Login Banner - Unauthorized access - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 422
Series and M4300-96X Fully Managed Switches Port Mirroring The port mirroring feature: • Allows you to monitor network traffic with an external network analyzer. • Forwards a copy of each incoming and outgoing packet - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 423
Series and M4300-96X Fully Managed Switches Local Browser Interface: Specify the Source (Mirrored) Ports and Destination (Probe) 1. Select for analysis. Mirroring is usually limited to on one switch. With a remote switched port analyzer (RSPAN), you can extend mirroring to all participating - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 424
and M4300-96X Fully Managed Switches Switch 1 Reflected port 1/0/ 1/0/23 RSPAN VLAN 1/0/24 1/0/23 1/0/24 1/0/1 Switch 2 Switch 3 1/0/3 Switch 4 1/0/4 Source port Figure 46. Example of an RSPAN topology Destination port In the previous figure, Switch 1 is the source switch, Switch 2 and - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 425
and M4300-96X Fully Managed Switches (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 5 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#vlan 5 (Netgear Switch) (Config)(Vlan 5)#remote-span (Netgear Switch) (Config)(Vlan 5)#exit (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 426
and M4300-96X Fully Managed Switches (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 5 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#vlan 5 (Netgear Switch) (Config)(Vlan 5)#remote-span (Netgear Switch) (Config)(Vlan 5)#exit (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 427
M4300 Series and M4300-96X Fully Managed Switches The Dual Image feature works seamlessly with the stacking feature. All members in the stack must be uniform in their support for the dual Image feature. The Dual Image feature works in the following way in a stack. • When an image is activated, the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 428
Series and M4300-96X Fully Managed Switches Images currently available on Flash unit image1 image2 current-active next-active 1 5.11.2.51 8.0.0.2 image1 image1 (Netgear Switch) #boot system image2 Activating image image2 .. (Netgear Switch) #show bootvar Image Descriptions - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 429
Series and M4300-96X Fully Managed Switches Your settings are saved. 2. Activate image2. a. Select Maintenance > File Management > Dual Image Configuration. A screen similar to the following displays. b. Under conventions. • Must use a valid IP address. Tools 429 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 430
M4300-96X Fully Managed Switches CLI: show network (Netgear Switch) >telnet 192.168.77.151 Trying 192.168.77.151... (Netgear Switch) User:admin Password: (Netgear Switch) >en Password: (Netgear Switch DHCP Management VLAN ID 1 Web Mode Enable Java Mode Disable CLI: show telnet (Netgear Switch)# - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 431
M4300 Series and M4300-96X Fully Managed Switches CLI: transport output telnet (Netgear Switch) (Config)#lineconfig ? Press Enter to execute the command. (Netgear Switch) (Config)#lineconfig (Netgear Switch) (Line)#transport ? input output Displays the protocols to use to connect to a - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 432
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure Telnet 1. Select Netgear Switch) (Line)#session-limit 5 (Netgear Switch) (Line)#session-timeout ? Enter time in minutes. (Netgear Switch) (Line)#session-timeout 15 Tools 432 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 433
Series and M4300-96X Fully Managed Switches Local Browser Interface: . Error Disablement and Automatic Error Recovery The switch supports interface error disablement, also referred to as Diagnostic the interface is reenabled. Either you can manually reenable the error-disabled interface or you can - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 434
Series and M4300-96X Fully Managed Switches The following features are supported by autorecovery: • Keepalive. If loop protection is enabled, loop protection detects a loop, and the loop , the interface comes back up after the time-out interval expires. Tools 434 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 435
M4300 Series and M4300-96X Fully Managed Switches The following example shows how you can configure autorecovery for UDLD, change the time-out interval for autorecovery, and show the status of autorecovery for all features: 1. Enable autorecovery for UDLD. (Netgear Switch) #config (Netgear Switch) - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 436
M4300-96X Fully Managed Switches while port loop protection is enabled. If the switch receives a packet with the previously mentioned multicast destination address, the source MAC address in the packet is compared with the MAC address of the switch switch, the switch can switch switches Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 437
Series and M4300-96X Fully Managed Switches Nondisruptive Configuration Management If you are managing a large network with thousands of switches, the best way to change the switch configuration is to provide a new startup configuration file to the switch and let the switch gracefully resolve any - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 438
Series and M4300-96X Fully Managed Switches Full Memory Dump The full memory dump feature provides the ability to retrieve the state of a crashed system and load it into a debugger to recreate the crashed state. This capability is useful when the switch encounters a crash. The following example - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 439
20 Syslog System logging This chapter includes the following sections: • Syslog Concepts • Show Logging • Show Logging Buffered • Show Logging Traplogs • Show Logging Hosts • Configure Logging for a Port • Email Alerting 439 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 440
M4300 Series and M4300-96X Fully Managed Switches Syslog Concepts The syslog feature: • Allows you to store system messages and errors. • Can store to local files on the switch interface procedure. CLI: Show Logging (Netgear Switch) #show logging Logging Client Local Port Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 441
Series and M4300-96X Fully Managed Switches Local Browser Interface: Show Logging 1. Configure the syslog. a. From the main menu, select Monitoring > Logs > Sys log. a. Select Monitoring > Logs > Console Log. A screen similar to the following displays. Syslog 441 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 442
Series and M4300-96X Fully Managed Switches b. Under Console Log Configuration, for Admin Status, select the Disable radio button. c. Click Apply. 4. Configure the buffer logs Buffer Logs, for Admin Status, select the Enable radio button. c. Click Apply. Syslog 442 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 443
M4300 Series and M4300-96X Fully Managed Switches Show Logging Buffered The example is shown as CLI commands and as a local browser interface procedure. CLI: Show Logging Buffered (Netgear Switch) #show logging buffered ? Press Enter to execute the command. (Netgear Switch Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 444
Managed Switches Local Browser Interface: Show Logging Buffered Select Monitoring > Logs > Buffer Logs. A screen similar to the following displays. Show Logging Traplogs The example is shown as CLI commands and as a local browser interface procedure. CLI: Show Logging Traplogs (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 445
M4300-96X Fully Managed Switches Local Browser Interface: Show Logging Trap Logs Select Monitoring > Logs > Trap Logs. A screen similar to the following displays. Show Logging Hosts The example is shown as CLI commands and as a local browser interface procedure. CLI: Show Logging Hosts (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 446
and M4300-96X Fully Managed Switches Local Logging for the Port (Netgear Switch) #config (Netgear Switch) (Config)#logging ? buffered Host Syslog Configuration. (Netgear Switch) (Config)#logging Host Reconfiguration remove Logging Host Removal (Netgear Switch) (Config)#logging host 192.168.21 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 447
M4300 Series and M4300-96X Fully Managed Switches (Netgear Switch) (Config)#logging host 192.168.21.253 4 ? Press Enter to execute the command. Enter Logging Severity Level (emergency|0, alert|1, critical|2, error|3, warning|4, notice|5, info|6, debug|7). (Netgear Switch) ( - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 448
Series and M4300-96X Fully Managed Switches Email Alerting Email alerting is an extension of the logging system. The logging system allows you to configure a set all log messages that were not sent previously are immediately forwarded to the SMTP server. Syslog 448 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 449
Series and M4300-96X Fully Managed Switches CLI: Send Log Messages to [email protected] Using Account [email protected] 1. Configure an SMTP server, for example, smtp.netgear.com. Before you configure the SMTP server, you need to have an account on SMTP server. (Netgear Switch) (Config)#mail-server - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 450
procedures to manage NETGEAR stackable managed switches that are running release 12.0 or a newer release. This chapter includes the following sections: • Switch Stack Management and Connectivity • Stack Master and Stack Members • Install and Power-up a Stack • Switch Firmware and Firmware Mismatch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 451
M4300 Series and M4300-96X Fully Managed Switches Switch Stack Management and Connectivity You manage the switch stack through the stack master. You cannot manage stack members on an individual basis. To access the stack master, use either a serial connection to the switch master's console port or a - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 452
and M4300-96X Fully Managed Switches Stack Master The stack master is the single point of stack-wide management. From the stack master, you can configure: • System-level (global) features that apply to all stack members • Interface-level features for all interfaces on any stack member A switch stack - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 453
Series and M4300-96X Fully Managed Switches Stack Members A switch stack can include up to eight stack members connected through their stack ports. A switch stack always includes one stack master. A standalone switch is a switch stack with one stack member that also operates as the stack master - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 454
and M4300-96X Fully Managed Switches Compatible Switch Models NETGEAR stackable managed switches include the following M4300 switch models: • Full 10G models: - M4300-16X - M4300-8X8F - M4300-12X12F - M4300-24X24F • 1G models with 10G uplinks: - M4300-28G - M4300-28G-POE+ - M4300-52G - M4300-52G - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 455
do not come up. In that situation, the output of the show switch command shows a code (firmware) mismatch error. Note: NETGEAR recommends that you schedule the firmware upgrade when there is no excessive network traffic (such as a broadcast event). Switch Stacks 455 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 456
Series and M4300-96X Fully Managed Switches To download new firmware to the master switch and other switches in the stack: 1. Using TFTP or xmodem, issue the copy command on the master switch. After the firmware is successfully loaded onto the master switch, the firmware automatically propagates - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 457
Series and M4300-96X Fully Managed Switches Local Browser Interface: Copy Master Firmware to a Stack Member 1. Select Maintenance > File Management > Copy. A screen similar to the following displays. 2. In the Stack Member menu, select 2. 3. Click Apply. Stack Switches Using a 10G Copper Port This - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 458
M4300 Series and M4300-96X Fully Managed Switches CLI: Configure the 10G Copper Ports as Stack Ports 1. On Switch A, configure the stack port and reboot the switch. (Netgear Switch Ethernet Ethernet Link Down 10 2 0/28 Stack Stack Link Down 10 Switch Stacks 458 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 459
M4300 Series and M4300-96X Fully Managed Switches 3. On Switch B, configure the stack port and reboot the switch. (Netgear Switch) #show stack-port Configured Running Stack Stack Ethernet Link Down 10 1 0/28 Stack Stack Link Down 10 Switch Stacks 459 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 460
M4300-96X Fully Managed Switches Local Browser Interface: Configure the 10G Copper Ports as Stack Ports 1. On Switch Click Apply to save the settings. 2. Reboot the switch. a. Select Maintenance > Reset > Device Reboot. A select 2. c. Click Apply. 3. On Switch B, configure a stack port as an Ethernet - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 461
Series and M4300-96X Fully Managed Switches b. Scroll down and select the 1/0/28 check box. c. In the Configured Stack Mode menu, select Stack. d. Click Apply to save the settings. 4. Reboot the switch. a. Select Maintenance > Reset > Device Reboot. A screen similar to the following displays. b. In - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 462
Series and M4300-96X Fully Managed Switches 2. Preconfigure any new switches. 3. Power off all new switches that must join the stack. CAUTION: If you cable one or more powered-on switches to the stack, the existing stack and the new switches assume that two stacks are merging. They elect a single - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 463
Series and M4300-96X Fully Managed Switches CAUTION: If the switch stack is not cabled correctly, removing powered-on stack members might cause the switch stack to divide (that is, partition) into two or more switch stacks, each with the same configuration. Make sure that the switch stack is cabled - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 464
and M4300-96X Fully Managed Switches Verify, by monitoring the master switch console port, that the new switch successfully joins the stack by issuing the show switch command. The new switch must join as a member (not as master; the existing master of the stack must not change). 8. If the firmware - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 465
Series and M4300-96X Fully Managed Switches Table 3. Switch stack master scenarios (continued) Scenario Add a stack member. Stack master failure. Action Result • Power off the new switch The stack master is retained. • Through their stack ports, connect the The new switch is added to the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 466
M4300 Series and M4300-96X Fully Managed Switches When you add a preconfigured switch to the switch stack, the stack applies either the preconfigured configuration or the default configuration. The following table lists the events that can occur when the switch stack compares the preconfigured - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 467
and M4300-96X Fully Managed Switches • If you need to reassign multiple existing stack unit numbers, the configuration could become mismatched. To avoid this situation, NETGEAR recommends that you power down all switches except the master, and then add them back one at a time (see Add Switches to - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 468
Series and M4300-96X Fully Managed Switches Move the Stack Master to a Different Unit This example is provided : (Netgear Switch) (Config)#stack (Netgear Switch) (Config-stack)#movemanagement 1 2 Local Browser Interface: Move the Stack Master to a Different Unit 1. Select System > Management > - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 469
and M4300-96X Fully Managed Switches 3. Click the OK button. 4. Click Apply to save the settings. Note: If the master receives its IP address from a DHCP server and you move the master to a different unit, its IP address might change and you could lose the connection to the switch. Switch Stacks - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 470
22 SNMP Simple Network Management Protocol This chapter includes the following sections: • Add a New Community • Enable SNMP Trap • SNMP Version 3 • sFlow • Time-Based Sampling of Counters with sFlow 470 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 471
and M4300-96X Fully Managed Switches Add a New Community The example is shown as CLI commands and as a local browser interface procedure. CLI: Add a New Community (Netgear switch) #config (Netgear switch) 6. In the Status field, select Enable. 7. Click Add. SNMP 471 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 472
M4300-96X Fully Managed Switches Enable SNMP Trap The example is shown as CLI commands and as a local browser interface procedure. CLI: Enable SNMP Trap This example shows how to send SNMP trap to the SNMP server. (Netgear switch) #config (Netgear switch SNMP 472 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 473
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Link Up/Down, select the Enable radio button. c. Click Apply. SNMP Version 3 The example is shown as CLI commands and as a local browser interface procedure. CLI: Configure SNMPv3 (Netgear Switch) # - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 474
M4300-96X Fully Managed Switches Local Browser Interface: Configure SNMPv3 1. Change the user password. If you set the authentication mode to MD5, you must make the length of password longer than 8 characters. a. Select Security > Management Security > User Configuration > User Management Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 475
Series and M4300-96X Fully Managed Switches sFlow sFlow is the standard for monitoring high-speed switched and routed networks. sFlow technology is built into network equipment and gives complete visibility into network activity, enabling effective management and control of network resources. The - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 476
M4300 Series and M4300-96X Fully Managed Switches CLI: Configure Statistical Packet-Based Sampling of Packet Flows with sFlow 1. Configure the sFlow receiver (sFlow collector) IP address. In this example, sFlow samples will be sent to the destination address 192.168.10.2. (Netgear Switch) (Config - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 477
Series and M4300-96X Fully Managed Switches 5. View the sampling port configurations. (Netgear Switch)) #show sflow samplers Sampler Receiver Packet Data Source Index size. a. Select Monitoring > sFlow > Advanced > sFlow Interface Configuration. SNMP 477 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 478
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Select the Interface 1/0/1 check the ports to be polled. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# sflow poller 1 (Netgear Switch) (Interface 1/0/1)# sflow poller interval - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 479
Series and M4300-96X Fully Managed Switches 2. View the polling port configurations. (Netgear Switch) #show sflow pollers Poller Receiver Data Source Index ----------- --------- enter 300. A screen similar to the following displays. 4. Click Apply. SNMP 479 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 480
23 DNS Domain Name System This chapter includes the following sections: • Domain Name System Concepts • Specify Two DNS Servers • Manually Add a Host Name and an IP Address 480 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 481
Series and M4300-96X Fully Managed Switches Domain Name System Concepts The Domain Name System (DNS) protocol maps a host name to an IP address, allowing you to replace the IP address with - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 482
as a local browser interface procedure. CLI: Manually Add a Host Name and an IP Address (Netgear Switch)#config (Netgear Switch) (Config)#ip host www.netgear.com 206.82.202.46 (Netgear Switch) (Config)#ip domain-lookup (Netgear Switch) (Config)#ping www.netgear.com Send count=3, Receive count=3 from - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 483
Managed Switches Local Browser Interface: Manually Add a Host Name and an IP Address 1. Select System > Management > DNS > Host Configuration. A screen similar to the following displays. 2. Under DNS Host Configuration, enter the following information: • In the Host Name field, enter www.netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 484
24 DHCP Server Dynamic Host Configuration Protocol Server This chapter includes the following sections: • Dynamic Host Configuration Protocol Concepts • Configure a DHCP Server in Dynamic Mode • Configure a DHCP Server that Assigns a Fixed IP Address 484 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 485
200 (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface vlan 200 (Netgear Switch) (Interface-vlan 200)#routing (Netgear Switch) (Interface-vlan 200)#ip address 192.168.100.1 255.255.255.0 (Netgear Switch) #config (Netgear Switch) (Config)#service dhcp (Netgear Switch) (Config - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 486
M4300 Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure a DHCP Server in Dynamic Mode 1. Create VLAN 200. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to Apply. 3. Assign PVID to the VLAN 200. DHCP Server 486 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 487
Series and M4300-96X Fully Managed Switches a. Select Switching > the settings. 4. Create a new DHCP pool. a. Select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following Click Apply to enable the DHCP service. d. Select System > Services > DHCP Server > DHCP - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 488
Series and M4300-96X Fully Managed Switches e. Under DHCP Pool Configuration, enter Netgear Switch)#config (Netgear Switch) (Config)#service dhcp (Netgear Switch) (Config)#ip dhcp pool pool_manual (Netgear Switch) (Config-dhcp-pool)#client-name dhcpclient (Netgear Switch Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 489
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure a DHCP Server that Assigns a Fixed IP Address 1. Select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays. 2. For Admin Mode, select the Enable radio button. 3. Click - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 490
Series and M4300-96X Fully Managed Switches • In the Hardware Type list, select ethernet. • In the Host Number field, enter 192.168.200.1. • In the Network Mask enter 1. 6. Click Add. The pool_manual name is now added to the Pool Name drop-down list. DHCP Server 490 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 491
25 DHCPv6 Server Dynamic Host Configuration Protocol version 6 Server This chapter includes the following sections: • Dynamic Host Configuration Protocol Version 6 Concepts • CLI: Configure DHCPv6 Prefix Delegation • Local Browser Interface: Configure DHCPv6 Prefix Delegation • Configure a - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 492
and M4300-96X Fully Managed Switches Dynamic Host Configuration Protocol Version 6 Concepts Dynamic Host Configuration Protocol version 6 (DHCPv6) for IPv6 is used to assign IPv6 addresses statefully and distribute other configuration information such as domain name or DNS server. DHCPv6 supports - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 493
Series and M4300-96X Fully Managed Switches Switch functioning as PE router 2001:1::/64 CPE router enable DHCP service. (NETGEAR SWITCH) (Config)#service dhcpv6 (NETGEAR SWITCH) (Config)#ipv6 dhcp pool pool1 (NETGEAR SWITCH) (Config dhcp6 pool)#domain name netgear.com (NETGEAR SWITCH) (Config - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 494
M4300 Series and M4300-96X Fully Managed Switches 3. Enable DHCPv6 service on port 1/0/9. (NETGEAR SWITCH) (Config)#interface 1/0/9 (NETGEAR SWITCH) (Interface 1/0/9)#routing (NETGEAR SWITCH) (Interface 1/0/9)#ipv6 address 2001:1::1/64 (NETGEAR SWITCH) (Interface 1/0/9)#ipv6 enable (NETGEAR SWITCH) - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 495
Series and M4300-96X Fully Managed Switches 2. Enable IPv6 unicast globally. a. Select Routing > IPv6 > Basic > Global Configuration. A screen similar to the prefix on interface 1/0/9. a. Select Routing > IPv6 > Advanced > Prefix Configuration. DHCPv6 Server 495 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 496
Series and M4300-96X Fully Managed Switches A screen similar 5. Enable the DHCPv6 server configuration. a. Select System > Services > DHCPv6 Server > DHCPv6 Server Configuration. A screen similar to pool1. a. Select System > Services > DHCP Server > DHCPv6 Pool Configuration. DHCPv6 Server - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 497
M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Pool Name list, select Create. c. In the Pool Name field, enter pool1. d. Click Apply to save the settings. 7. Configure the prefix in the pool1. a. Select System > Services > Services > DHCPv6 Server - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 498
Series and M4300-96X Fully Managed Switches A screen server to clients that receive an IPv6 address in autoconfiguration mode or manual mode. The configured DHCP pool does not contain a prefix pool Enable IPv6 routing. (Netgear Switch) (Config)#ipv6 unicast-routing DHCPv6 Server 498 Software - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 499
and M4300-96X Fully Managed Switches 2. Create an IPv6 pool with a DNS server and enable the DHCPv6 service. (Netgear Switch) (Config)#ipv6 dhcp pool ipv6_server (Netgear Switch) (Config-dhcp6s-pool)#dns-server 2011:9:18::1 (Netgear Switch) (Config-dhcp6s-pool)#exit (Netgear Switch) (Config)#service - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 500
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll e. In the EUI64 field, select Disable. f. Click Add. 4. Enable DHCPv6 service. a. Select System > Services > DHCPv6 Server > DHCPv6 Server Configuration. DHCPv6 Server 500 Software Administration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 501
M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply to save the settings. 5. Create a DHCPv6 pool. a. Select System > Services Select System > Services > DHCPv6 Server > DHCPv6 Interface Configuration. - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 502
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Select the 2/0/21 check box in stateful mode. CLI: Configure a Stateful DHCPv6 Server 1. Enable IPv6 routing. (Netgear Switch) (Config)#ipv6 unicast-routing DHCPv6 Server 502 Software Administration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 503
M4300 Series and M4300-96X Fully Managed Switches 2. Create an IPv6 pool with a DNS server and enable the DHCPv6 service. (Netgear Switch) (Config)#ipv6 dhcp pool ipv6_server (Netgear Switch) (Config-dhcp6s-pool)#address prefix 2001:1:2::/64 (Netgear Switch) (Config-dhcp6s-pool)#exit (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 504
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Select In the EUI64 field, select Disable. f. Click Add. 4. Enable the DHCPv6 service. a. Select System > Services > DHCPv6 Server > DHCPv6 Server Configuration. DHCPv6 Server 504 Software Administration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 505
M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply to save the settings. 5. Create the DHCPv6 pool. a. Select System > Services pool. a. Select System > Services > DHCPv6 Prefix Delegation Configuration > - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 506
M4300-96X Fully Managed Switches A screen similar to the following displays. b. In Pool Name list, select ipv6_server. c. In the Prefix field, enter 2001:1:2::. d. In the Prefix Length field, enter 64. e. Click Add. 7. Enable the DHCPv6 pool on interface 1/0/1. a. Select System > Services Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 507
Switch) (Config)#service dhcpv6 (Netgear Switch) (Config)#ipv6 dhcp pool pool1 (Netgear Switch) (Config-dhcp6s-pool)#domain-name netgear.com (Netgear Switch) (Config-dhcp6s-pool)#address prefix 2001:2::/64 (Netgear Switch) (Config-dhcp6s-pool)#exit DHCPv6 Server 507 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 508
M4300 Series and M4300-96X Fully Managed Switches 3. Enable DHCPv6 service on VLAN 1. (Netgear Switch) (Config)#interface vlan 1 (Netgear Switch) (Interface vlan 1)#ipv6 address 2001:1::1/64 (Netgear Switch) (Interface vlan 1)#ipv6 enable (Netgear Switch) (Interface vlan 1)#ipv6 dhcp server pool1 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 509
M4300-96X Fully Managed Switches 3. On the DHCPv6 relay, configure the interface that is connected to the DHCPv6 client. (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 2 (Netgear Switch) (Vlan)#vlan routing 2 (Netgear Switch) (Vlan)#exit (Netgear Switch) (Config)#interface vlan 2 (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 510
26 DVLANs and Private VLANs Double VLANs and private VLAN groups This chapter includes the following sections: • Double VLANs • Private VLAN Groups 510 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 511
Series and M4300-96X Fully Managed Switches Double VLANs This section describes how to enable the double DVLAN feature. Double VLANs pass traffic from one customer domain to another through the metro core. Custom VLAN IDs are preserved and a provider service VLAN ID is added to the traffic so the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 512
Series and M4300-96X Fully Managed Switches CLI: Enable a Double VLAN Create a VLAN 200. (Netgear Switch)#vlan database (Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#exit Add interface 1/0/24 to VLAN 200, add pvid 200 to port. (Netgear Switch) #config (Netgear Switch) (Config)#interface - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 513
M4300 Series and M4300-96X Fully Managed Switches b. Under VLAN Configuration, enter the following information: • In the VLAN ID field, enter 200. • In the VLAN Name field, enter vlan200. • In the VLAN Type field, select Static. c. Click Add. 2. Add ports 24 and 48 to VLAN 200. a. Select Switching > - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 514
Series and M4300-96X Fully Managed Switches d. Click Apply to save the settings. 4. Configure port 48 as the provider service port: a. Select Switching > VLAN > Advanced > Port DVLAN Configuration. A screen Apply to save the settings. DVLANs and Private VLANs 514 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 515
M4300 Series and M4300-96X Fully Managed Switches Private VLAN Groups The private VLAN group allows you to 1 is in community mode, and Group 2 is in isolated mode. Internet Port 1/0/13 Layer 2 Switch Port 1/0/6 Port 1/0/7 Port 1/0/17 Port 1/0/16 Group 1 Group 2 Figure 55. Private VLAN groups - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 516
and M4300-96X Fully Managed Switches CLI: Create a Private VLAN Group 1. Enter the following commands. (Netgear Switch) # (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/6 (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 517
Series and M4300-96X Fully Managed Switches 5. Add 1/0/16 and 1/0/7 to the private group 1. (Netgear Switch) (Config)#interface range 1/0/16-1/0/17 (Netgear Switch) (conf-if-range-1/0/16-1/0/17)#switchport private-group 2 6. Add 1/0/16 and 1/0/7 to the private group 2. (Netgear Switch) (conf-if - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 518
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under VLAN Membership, in the VLAN ID list, select 200. Traffic Control > Private Group VLAN > Private Group VLAN > Private Group Configuration. DVLANs and Private VLANs 518 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 519
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Group Name field, enter group1. c. In the a. Select Security > Traffic Control > Private Group VLAN > Private Group Configuration. DVLANs and Private VLANs 519 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 520
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Group Name field, enter group2. c. In the Group ID field, enter 2. 16 and 17, and a check mark displays in each box. e. Click Apply. DVLANs and Private VLANs 520 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 521
27 STP Spanning Tree Protocol This chapter includes the following sections: • Spanning Tree Protocol Concepts • Configure Classic STP (802.1d) • Configure Rapid STP (802.1w) • Configure Multiple STP (802.1s) • Configure PVSTP and PVRSTP 521 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 522
Series and M4300-96X Fully Managed Switches Spanning Tree Protocol Concepts The purpose of the Spanning Tree Protocol (STP) is to eliminate loops in the switch system. There are three STPs: Classic STP (802.1d), Rapid STP (RSTP, 802.1w), and Multiple STP (MSTP, 802.1s). While STP can take 30 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 523
M4300 Series and M4300-96X Fully Managed Switches b. Enter the following information: • For Spanning Tree Admin Mode, select the Enable radio button. • For Force Protocol Version, select the IEEE 802.1d radio button. c. Click Apply. 2. Configure the CST port. a. Select Switching > STP > CST Port - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 524
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure Rapid STP (802.1w) 1. Enable 802.1w on the switch: a. Select Switching > STP > STP Configuration. A screen similar to the c. In the Port Mode field, select Enable. d. Click Apply. STP 524 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 525
M4300 Series and M4300-96X Fully Managed Switches Configure Multiple STP (802.1s) The example is shown as CLI commands and as a local browser interface procedure. CLI: Configure Multiple STP (802.1s) (Netgear switch) (Config)# spanning-tree (Netgear switch) (Config)# spanning-tree mode mst (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 526
M4300-96X Fully Managed Switches Local Browser Interface: Configure Multiple STP (802.1s) 1. Enable 802.1s on the switch. a. Select Switching Revision Level field, enter 0. c. Click Apply. 2. Configure MST. a. Select Switching > STP > MST Configuration. A screen similar to the following displays. b. - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 527
M4300 Series and M4300-96X Fully Managed Switches • Click Apply. c. Configure MST ID 2. • In the MST ID field, enter 2. • In the Priority field, enter 4096. • In the VLAN Id field, enter 11. • Click Add. • In the VLAN Id field, enter 12. • Click Apply. 3. Configure the MST port. a. Select Switching - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 528
Series and M4300-96X Fully Managed Switches Per VLAN Spanning Tree Protocol (PVSTP or native VLAN instance to communicate with a switch that runs an IEEE standard spanning tree protocol. PVRSTP embeds support for the FastUplink feature to speed up the STP 528 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 529
Series and M4300-96X Fully Managed Switches switch, the switch acts as if an indirect link to the root failed. To speed up the convergence time, the switch expires the maximum age timer immediately and forces the port through the Listening and Learning states. The following diagram shows a simple - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 530
Series and M4300-96X Fully Managed Switches 3. Verify the PVSTP status. (Netgear Switch) #show spanning-tree vlan 1002 VLAN 1002 Spanning-tree enabled protocol pvst RootID Priority 33770 Address 6C:B0:CE:19:AE:3D Cost 20000 Port 1(1/0/1 ) - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 531
M4300 Series and M4300-96X Fully Managed Switches 3. Verify the PVSTP status. (Netgear Switch) #show spanning-tree vlan 1002 VLAN 1002 Spanning-tree enabled protocol pvst RootID Priority 33770 Address 6C:B0:CE:19:AE:3D Cost 0 Port This switch is the root Hello Time 2 Sec Max Age 20 sec - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 532
Series and M4300-96X Fully Managed Switches b. Configure the following settings: • For Spanning Tree Admin Mode, select . 3. Display the PVST status for port 1/0/1 and 1/0/2 in VLAN 1002. a. Select Switching > STP > Advanced > PVST Interface. A screen similar to the following displays. STP - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 533
Series and M4300-96X Fully Managed Switches b. From the VLAN ID menu, select 1002. The roles of ports 1/0/1 and 1/0/2 display. 4. To enable the switch to be elected as the root, change the PVST priority to a lower value (for example, 0). a. Select Switching > STP > Advanced > PVST VLAN. A screen - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 534
Series and M4300-96X Fully Managed Switches c. In the Priority field, enter 0. d. Click Apply. Local Browser Interface: Configure PVSTP on Switch 2 1. Ensure the PVST status for ports 1/0/1 and 1/0/2 in VLAN 1002. a. Select Switching > STP > Advanced > PVST Interface. A screen similar to the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 535
M4300 Series and M4300-96X Fully Managed Switches b. From the VLAN ID menu, select 1002. The roles of ports 1/0/1 and 1/0/2 display. STP 535 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 536
28 Tunnels for IPv6 6in4 tunnels and 6to4 tunnels This chapter includes the following sections: • Tunnel Concepts • Create a 6in4 Tunnel • Create a 6to4 Tunnel 536 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 537
M4300-96X Fully Managed Switches 6to4 IPv6 address of the tunnel's next hop. A 6to4 tunnel supports the functionality of a 6to4 border router that connects a 6to4 site between Switch 1 and Switch 2. The tunnel carries IPv6 packets over IPv4 packets. 1/0/1 Switch 1 IPv4 Network 1/0/13 Switch 2 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 538
Series and M4300-96X Fully Managed Switches CLI: Create a 6in4 Tunnel You must configure Switch 1 and Switch 2. CLI: Create a 6in4 Tunnel on Switch 1 (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) (Config)#interface - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 539
and M4300-96X Fully Managed Switches CLI: Create a 6in4 Tunnel on Switch 2 (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#routing (Netgear Switch) (Interface - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 540
Series and M4300-96X Fully Managed Switches a. Select Routing > IPv6 > Basic> Global Configuration. A screen similar to the following displays. b. For Create a 6-in-4 tunnel interface. a. Select Routing > IPv6 > Advanced > Tunnel Configuration. Tunnels for IPv6 540 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 541
Series and M4300-96X Fully Managed Switches A screen Local Browser Interface: Create a 6in4 Tunnel on Switch 2 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > Enable IPv6 forwarding and unicast routing on the switch. a. Select Routing > IPv6 > Basic > Global - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 542
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. c. Create a 6-in-4 tunnel interface. a. Select Routing > IPv6 > Advanced > Tunnel Configuration. Tunnels for IPv6 542 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 543
M4300 Series and M4300-96X Fully Managed Switches A traffic between Switch 1 and Switch 3 and the traffic between Switch 2 and Switch 3). The NETGEAR switch forwards traffic in the following figure, the traffic between Switch 1 and Switch 2). The NETGEAR switch does not forward traffic from one IPv6 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 544
Series and M4300-96X Fully Managed Switches IPv6 island Switch 1 Computer 1 1/0/3 1/0/1 IPv4 domain IPv4 switch 2/0/1 Switch 2 IPv6 island 2/0/1 2/0/3 Computer 2 Switch 3 2/0/24 IPv6 domain Computer 3 Figure 58. 6to4 tunnel configuration Note: The following examples do not include - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 545
Series and M4300-96X Fully Managed Switches 3. Configure the IPv6 address on the 6to4 tunnel in the format 2002:V4ADDR::Host/16, in which V4ADDR is the source IPv4 address of the tunnel. The prefix length for the tunnel must be 16. (Netgear Switch) (Config)#interface tunnel 0 (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 546
Series and M4300-96X Fully Managed Switches 7. Verify the configuration. (Netgear Switch) #show ipv6 route IPv6 Routing Table - 5 entries Codes: C - connected, S - static, 6To4 - 6to4 Route, B - BGP Derived O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF Ext 1, OE2 - OSPF - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 547
and M4300-96X Fully Managed Switches 4. Configure the IPv6 address for routing port 2/0/3. The IPv6 address format is 2002:V4ADDR:Subnet::Host/64, in which V4ADDR is the source IPv4 address of the tunnel and Subnet is the subnet of 2002:V4ADDR::/64. (Netgear Switch) (Config)#interface 2/0/3 (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 548
M4300-96X Fully Managed Switches 3. Configure the IPv6 address on the 6to4 tunnel in the format 2002:V4ADDR::Host/16, in which V4ADDR is the source IPv4 address of the tunnel. The prefix length for the tunnel must be 16. (Netgear Switch) (Config)#interface tunnel 0 (Netgear Switch Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 549
M4300-96X Fully Managed Switches Local Browser Interface: Create a 6to4 Tunnel You must configure Switch 1, Switch 2, and Switch 3. Local Browser Interface: Create a 6to4 Tunnel on Switch 1 1. Enable IP routing on Switch assign an IP address to it. Tunnels for IPv6 549 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 550
Series and M4300-96X Fully Managed Switches a. Select Routing > IP > Advanced > IP Interface Configuration. A heading. c. Configure the following settings: • In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 195.1.3.2. • In the Subnet Mask field, enter - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 551
Series and M4300-96X Fully Managed Switches The settings for port 1/0/3 display in the fields in the table heading. c. Configure the following settings Routing > IPv6 > Advanced > Tunnel Configuration. A screen similar to the following displays. Tunnels for IPv6 551 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 552
Series and M4300-96X Fully Managed Switches b. Configure the following tunnel settings: • In the Tunnel ID field, select 0. • In the Mode field, select 6-to-4. • In the field, enter 16. • In the Next Hop IPv6 Address Type field, select Global. Tunnels for IPv6 552 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 553
Series and M4300-96X Fully Managed Switches • In the Next Hop IPv6 Address field, enter 2002:c301:502::1. c. Click Add. 8. Create a static route for subnet 195.1.4.0/24. 255.255.0. • In the Next Hop Address field, enter 195.1.3.1. c. Click Add. Tunnels for IPv6 553 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 554
Series and M4300-96X Fully Managed Switches Local Browser Interface: Create a 6to4 Tunnel on Switch 2 1. Enable IP routing on Switch 2. a. Select Routing > IP > Basic > IP Configuration. A screen A screen similar to the following displays. Tunnels for IPv6 554 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 555
M4300 Series and M4300-96X Fully Managed Switches b. Above the table heading, Under IP Interface Configuration, click 2. c. Select the 2/0/1 check box for port 2/0/1. The settings for port 2/0/1 display in the fields in the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 556
Series and M4300-96X Fully Managed Switches d. Configure the following settings: • In the IPv6 Mode field, select Enable. • In the Routing Mode field Routing > IPv6 > Advanced > Tunnel Configuration. A screen similar to the following displays. Tunnels for IPv6 556 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 557
Series and M4300-96X Fully Managed Switches b. Configure the following tunnel settings: • In the Tunnel ID field, 195.1.4.1. c. Click Add. Local Browser Interface: Create a 6to4 Tunnel on Switch 3 1. Enable IP routing on Switch 3. a. Select Routing > IP > Basic > IP Configuration. Tunnels for - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 558
M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. 2. Enable IPv6 forwarding and unicast routing on Switch A screen similar to the following displays. Tunnels for IPv6 558 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 559
M4300 Series and M4300-96X Fully Managed Switches b. Above the table heading, Under IP Interface Configuration, click 2. c. Select the 2/0/1 check box for port 2/0/1. The settings for port 2/0/1 display in the fields in the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 560
Series and M4300-96X Fully Managed Switches 5. Configure the IPv6 address for the IPv6 routing interface 2/0/24. a. Select Routing > IPv6 > Advanced > Prefix Configuration. A In the IPv6 Address/Prefix Length field, enter 2002:c301:402::1/16. Tunnels for IPv6 560 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 561
Series and M4300-96X Fully Managed Switches • In the EUI64 field, select Disable. • In the Source Address field, enter 195.1.4.2. c. Click Add. d. Configure the following 255.255.0. • In the Next Hop Address field, enter 195.1.5.1. c. Click Add. Tunnels for IPv6 561 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 562
29 IPv6 Interface Configuration IPv6 routing and routing VLANs This chapter includes the following sections: • Create an IPv6 Routing Interface • Create an IPv6 Routing VLAN • Configure DHCPv6 Mode on the Routing Interface 562 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 563
and M4300-96X Fully Managed Switches Create an IPv6 Routing Interface The example is shown as CLI commands and as a local browser interface procedure. CLI: Create an IPv6 Routing Interface 1. Enable IPv6 forwarding and unicast routing on the switch. (Netgear Switch) (Config)#ipv6 forwarding (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 564
Series and M4300-96X Fully Managed Switches (Netgear Switch) #show ipv6 interface 1/0/1 IPv6 is enabled IPv6 Prefix is FE80::21E:2AFF:FED9: routing on interface 1/0/1. a. Select Routing > IPv6 > Advanced > Interface Configuration. IPv6 Interface Configuration 564 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 565
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under IPv6 Interface Configuration, scroll down and select the Interface 1/0/1 enter 64. e. In the EUI64 field, select Disable. f. Click Add. IPv6 Interface Configuration 565 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 566
M4300-96X Fully Managed Switches Create an IPv6 Routing VLAN The example is shown as CLI commands and as a local browser interface procedure. CLI: Create an IPv6 Routing VLAN 1. Create a routing VLAN with VLAN ID 500. Netgear Switch) (Vlan)#vlan 500 (Netgear Switch) (Vlan)#vlan routing 500 (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 567
and M4300-96X Fully Managed Switches 4. Enable IPv6 forwarding and unicast routing on the switch. (Netgear Switch) (Config)#ipv6 forwarding (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) # Autonomous Flag Enabled IPv6 Interface Configuration 567 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 568
Series and M4300-96X Fully Managed Switches Local Browser Interface: Create an IPv6 VLAN Routing Interface 1. Create VLAN 500. a. Select Switching > VLAN > Basic > VLAN Configuration. A screen similar to the PVID on port 1/0/1. IPv6 Interface Configuration 568 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 569
Series and M4300-96X Fully Managed Switches a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following displays. b. Under PVID VLAN interface 0/4/2 displays. c. Select the 0/4/2 check box. IPv6 Interface Configuration 569 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 570
Series and M4300-96X Fully Managed Switches d. Under IPv6 Interface Configuration, in the IPv6 Mode field, select Disable. f. Click Add. Configure DHCPv6 Mode on the Routing Interface The routing interface supports DHCPv6 mode, which can get the IPv6 address from a DHCPv6 server (address allocation - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 571
M4300-96X Fully Managed Switches CLI: Configure DHCPv6 mode on routing interface 1. Enable IPv6 unicast globally. (Netgear Switch) (Config)#ipv6 unicast-routing 2. Enable DHCPv6 on the interface 1/0/23. (Netgear Switch) (Config)#interface 1/0/23 (Netgear Switch) (Interface 1/0/23)#routing (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 572
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure DHCPv6 mode on routing interface 1. Enable IPv6 unicast globally. a. Select Routing > 1/0/23. a. Select Routing > IPv6 > Advanced > Prefix Configuration. IPv6 Interface Configuration 572 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 573
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/23. You can see the IPv6 address assigned by the DHCPv6 server. IPv6 Interface Configuration 573 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 574
30 PIM Protocol Independent Multicast This chapter includes the following sections: • Protocol Independent Multicast Concepts • PIM-DM • PIM-SM 574 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 575
Series and M4300-96X Fully Managed Switches Protocol Independent Multicast Concepts The PIM protocol can be configured to operate on IPv4 and IPv6 networks. receivers (due to frequent flooding) • High volume of multicast traffic • Constant stream of traffic PIM 575 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 576
192.168.5.0/24 M4300 Series and M4300-96X Fully Managed Switches Source IP 192.168.1.1 Switch A Port 1/0/13 Port 1/0/1 Port 1/0/9 Port 1/0/10 Subnet 192.168.3.0/24 Port 1/0/11 Switch B Switch D Port 1/0/21 is propagated throughout the network. When PIM 576 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 577
Series and M4300-96X Fully Managed Switches received by a router on its RPF interface, the state PIM-DM PIM-DM on Switch A 1. Enable IP routing on the switch. (Netgear Switch) #configure (Netgear Switch) (Config)#ip routing 2. Enable pimdm on the switch. (Netgear Switch) (Config)#ip pim dense - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 578
M4300-96X Fully Managed Switches 5. Enable PIM-DM on the interface. (Netgear Switch) (Interface 1/0/1)#ip pim (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/9 (Netgear Switch) (Interface 1/0/9)#routing (Netgear Switch) (Interface 1/0/9)#ip address (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 579
M4300-96X Fully Managed Switches PIM-DM on Switch C (Netgear Switch) #configure (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pim dense (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#routing (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 580
M4300-96X Fully Managed Switches 2. Enable IGMP on port 1/0/24. (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#routing (Netgear Switch) (Interface 1/0/24)#ip pim (Netgear Switch) (Interface 1/0/24)#ip igmp (Netgear Switch) (Interface 1/0/24)#ip rip (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 581
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure PIM-DM PIM-DM on Switch A 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A a. Select Routing > IP > Advanced > IP Interface Configuration. PIM 581 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 582
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/9 check box. Now 1/0/9 appears in the Port the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. PIM 582 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 583
Series and M4300-96X Fully Managed Switches d. Click Apply to save the settings. 5. Enable RIP on the interface 1/0/1. a. Select Routing > RIP > Advanced > 7. Enable RIP on interface 1/0/13. a. Select Routing > RIP > Advanced > Interface Configuration. PIM 583 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 584
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/13. c. For RIP Admin Mode, Click Apply. 9. Enable PIM-DM globally. a. Select Routing > Multicast > PIM > Global Configuration. PIM 584 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 585
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For PIM Protocol Type, field, select Enable. d. Click Apply to save the settings. PIM-DM on Switch B: 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. PIM 585 Software - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 586
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. 2. Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. PIM 586 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 587
Series and M4300-96X Fully Managed Switches b. Under IP Interface Configuration, scroll down and select the Port 1/0/11 check box. Now 1/0/11 > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/11. PIM 587 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 588
M4300 Series and M4300-96X Fully Managed Switches c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. 6. Enable multicast globally. a. Select interfaces 1/0/10 and 1/0/11. a. Select Routing > Multicast > PIM > Interface Configuration. PIM 588 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 589
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/10 and 1/0/11 check box. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. PIM-DM on Switch C 1. Enable IP routing on the switch. - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 590
Series and M4300-96X Fully Managed Switches Now 1/0/21 appears in the Interface field at the top. c. Enter the following information: • In the IP Address field RIP Admin Mode, select the Enable radio button. d. Click Apply. 5. Enable RIP on interface 1/0/22. PIM 590 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 591
Series and M4300-96X Fully Managed Switches a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Apply. 7. Enable PIM-DM globally. a. Select Routing > Multicast > PIM > Global Configuration. PIM 591 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 592
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For PIM Protocol Type, field, select Enable. d. Click Apply to save the settings. PIM-DM on Switch D: 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 593
Series and M4300-96X Fully Managed Switches b. For Routing Mode, select the Enable radio button. c. Click Apply. 2. Configure 1/0/21 as a routing port and assign an IP address • In the Routing Mode field, select Enable. d. Click Apply to save the settings. PIM 593 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 594
Series and M4300-96X Fully Managed Switches 4. Configure 1/0/24 as a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Apply. 6. Enable RIP on interface 1/0/22. a. Select Routing > RIP > Advanced > Interface Configuration. PIM 594 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 595
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. For RIP Admin Mode, select to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. PIM 595 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 596
Series and M4300-96X Fully Managed Switches 9. Enable PIM-DM globally. a. Select Routing > Multicast > PIM > Global Configuration. A screen similar to the Routing > Multicast > IGMP > Global Configuration. A screen similar to the following displays. PIM 596 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 597
Series and M4300-96X Fully Managed Switches b. For Admin Mode, select the Enable radio button. c. Click Apply. 12. Enable IGMP on interface 1/0/24. a. Select Routing > Multicast c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. PIM 597 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 598
M4300 Series and M4300-96X Fully Managed Switches PIM-SM Protocol-independent multicast sparse mode (PIM-SM) is used to efficiently route multicast traffic to multicast groups that can span wide area networks where bandwidth is a constraint. Source IP 192.168.1.1 Subnet 192.168.1.0/24 Switch Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 599
M4300 Series and M4300-96X Fully Managed Switches to switch to more efficient source-specific trees. A data SM PIM-SM on Switch A 1. Enable IP routing on the switch. (Netgear Switch)#configure (Netgear Switch) (Config)#ip routing 2. Enable PIM-SM on the switch. (Netgear Switch) (Config)#ip pim - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 600
M4300 Series and M4300-96X Fully Managed Switches (Netgear Switch) (Interface 1/0/1)#ip pim (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/9 (Netgear Switch) (Interface 1/0/9)#routing (Netgear Switch) (Interface 1/0/9)#ip address 192.168.3.1 (Netgear Switch) ( - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 601
M4300 Series and M4300-96X Fully Managed Switches 2. Enable the switch to announce its candidacy as a bootstrap router (BSR). (Netgear Switch) (Config)#ip pim bsr-candidate interface 1/0/10 30 7 (Netgear Switch) (Config)#interface 1/0/10 (Netgear Switch) (Interface 1/0/10)#routing (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 602
Series and M4300-96X Fully Managed Switches PIM-SM on Switch D (Netgear Switch)#configure (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip igmp (Netgear Switch) (Config)#ip pim (Netgear Switch) (Config)#ip pim rp-candidate interface 1/0/22 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 603
Series and M4300-96X Fully Managed Switches PIM-SM builds the multicast route table on each switch. The following tables show the routes that are built after PIM-SM switches to the source-specific PIMSM 1/0/21 Outgoing Interface List 1/0/24 1/0/24 PIM 603 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 604
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure PIM-SM PIM-SM on Switch A 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A a. Select Routing > IP > Advanced > IP Interface Configuration. PIM 604 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 605
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/9 check box. Now 1/0/9 appears field, select Enable. d. Click Apply to save the settings. 5. Enable RIP on interface 1/0/1. PIM 605 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 606
M4300 Series and M4300-96X Fully Managed Switches a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface field, . c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. PIM 606 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 607
Series and M4300-96X Fully Managed Switches 8. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to the following displays 1/0/1,1/0/9, and 1/0/13. a. Select Routing > Multicast > PIM > Interface Configuration. PIM 607 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 608
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/1, 1/0/9, and 1/0/13 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. PIM-SM on Switch Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 609
Series and M4300-96X Fully Managed Switches b. Scroll down and select the interface 1/0/10 check box. Now 1/0/10 appears in the Interface field at the top. c. field, select 1/0/10. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. PIM 609 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 610
Series and M4300-96X Fully Managed Switches 5. Enable RIP on interface 1/0/11. a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the Routing > Multicast > PIM > Global Configuration. A screen similar to the following displays. PIM 610 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 611
Series and M4300-96X Fully Managed Switches b. For PIM Protocol Type, select the PIM-SM radio button. c. For Admin Mode, select the Enable radio button Set up the BSR candidate configuration. a. Select Routing > Multicast > PIM > BSR Candidate Configuration. PIM 611 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 612
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/10. c. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 7. e. Click Apply. PIM-SM on Switch C: 1. Enable IP routing on the switch Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 613
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/21 check box. Now 1/0/ . 4. Enable RIP on the interface 1/0/21. a. Select Routing > RIP > Advanced > Interface Configuration. PIM 613 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 614
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface field, select 1/0/21. c. For RIP Admin Mode, select the For Admin Mode, select the Enable radio button. c. Click Apply. 7. Enable PIM-SM globally. PIM 614 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 615
M4300 Series and M4300-96X Fully Managed Switches a. Select Routing > Multicast > PIM > Global Configuration. A screen similar to the following displays. b. For Candidate RP Configuration. a. Select Routing > Multicast > PIM > Candidate RP Configuration. PIM 615 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 616
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. In the Group IP field, enter 225 In the Hash Mask Length field, enter 30. d. In the Priority field, enter 5. e. Click Apply. PIM 616 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 617
Series and M4300-96X Fully Managed Switches PIM-SM on Switch D 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. b. Select Routing > IP > Advanced > IP Interface Configuration. PIM 617 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 618
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/22 check box. Now 1/0/ settings. 5. Enable RIP on interface 1/0/21. a. Select Routing > RIP > Advanced > Interface Configuration. PIM 618 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 619
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/21. c. For RIP Admin Mode button. d. Click Apply. 8. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. PIM 619 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 620
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 9. Enable 1/0/21, 1/0/22, and 1/0/24. a. Select Routing > Multicast > PIM > Interface Configuration. PIM 620 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 621
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/21, 1/0/22, and 1/0/24 Set up BSR Candidate configuration. a. Select Routing > Multicast > PIM > BSR Candidate Configuration. PIM 621 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 622
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. In the Hash Mask Length . Enable IGMP on interface 1/0/24. a. Select Routing > Multicast > IGMP > Interface Configuration. PIM 622 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 623
M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under IGMP Routing Interface Configuration, scroll down and select the Interface 1/0/24 check box. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. PIM 623 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 624
31 DHCP L2 Relay and L3 Relay Dynamic Host Configuration Protocol relays This chapter includes the following sections: • DHCP L2 Relay • DHCP L3 Relay • Configure a DHCP L3 Switch 624 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 625
M4300-96X Fully Managed Switches closer to the end hosts. Host #1 1/0/5 1/0/6 1/0/4 Layer 2 Switch #1 DHCP Server #1 Host #2 Figure 61. DHCP L2 relay These Enter the following commands: (Netgear Switch)#vlan database (Netgear Switch)(Vlan)#vlan 200 (Netgear Switch)(Vlan)#exit DHCP L2 Relay and - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 626
Series and M4300-96X Fully Managed Switches 2. Enable the DHCP L2 relay on the switch. (Netgear Switch) (Config)#dhcp l2relay (Netgear Switch) (Config)#dhcp l2relay vlan 200 3. Enable the Option 82 Circuit ID field. (Netgear Switch) (Config)#dhcp l2relay circuit-id vlan 200 4. Enable the Option - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 627
M4300-96X Fully Managed Switches Local Browser Interface: Enable DHCP L2 Relay 1. Create VLAN 200. a. Select Switching Add. 2. Add ports to VLAN 200. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar ports 1/0/4, 1/0/5 and 1/0/6. a. Select Switching > VLAN > Advanced > Port - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 628
Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/4, 1/0/5, and 1/0/6 check boxes. c. In the PVID (1 to 4093) field, enter 200. d. Click Apply to save the settings. 4. Enable DHCP L2 relay on VLAN 200. a. Select System > Services > DHCP - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 629
Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the 1/0/4, 1/0/5, and 1/0/6 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. 6. Enable DHCP L2 relay trust on interface 1/0/6. a. Select System > Services > DHCP - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 630
M4300-96X Fully Managed Switches DHCP L3 Relay This example consists of two steps: • Use a Windows Server operating system to configure a DHCP L3 server. • Use the CLI to configure a DHCP L3 relay through which a DHCP client can receive an IP address from a DHCP server. DHCP server Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 631
M4300 Series and M4300-96X Fully Managed Switches 3. In the pop-up menu, select Add Roles. The Add Roles Wizard starts. DHCP L2 Relay and L3 Relay 631 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 632
M4300 Series and M4300-96X Fully Managed Switches 4. Click the Next button. 5. Select the DHCP Server check box. 6. Click the Next button. 7. From the menu on the left, select DHCP scopes. DHCP L2 Relay and L3 Relay 632 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 633
M4300 Series and M4300-96X Fully Managed Switches 8. Click the Add button. 9. In the Add Scope pop-up window, enter the IP address scope information for a marketing scope. DHCP L2 Relay and L3 Relay 633 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 634
M4300 Series and M4300-96X Fully Managed Switches In this example, an IP address range of 10.200.1.2-10.200.1.100 is used. In the Default Gateway (optional) field, DHCP client. 13. Click the OK button. The scope information is saved. DHCP L2 Relay and L3 Relay 634 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 635
M4300 Series and M4300-96X Fully Managed Switches 14. Click the Next button. 15. Select the Disable DHCPv6 stateless mode for this server radio button. 16. Click the Next button. DHCP L2 Relay and L3 Relay 635 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 636
M4300 Series and M4300-96X Fully Managed Switches 17. Click the Install button. 18. Wait for the DHCP server to be installed and the installation process to finish. 19. Click the Close button. DHCP L2 Relay and L3 Relay 636 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 637
Series and M4300-96X Fully Managed Switches 20. Make sure that in the Status column, the field for the DHCP server states Running. If a computer in the IP address, subnet mask, and gateway address for the marketing or sales scope. DHCP L2 Relay and L3 Relay 637 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 638
M4300-96X Fully Managed Switches Configure a DHCP L3 Switch CLI: Configure a DHCP L3 Relay 1. Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)# 2. Create a routing interface and assign subnet 10.100.1.2/24 to it. (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 639
M4300 Series and M4300-96X Fully Managed Switches 3. Create a routing interface connecting to the client. (Netgear Switch) (Config)# (Netgear Switch) (Config)#Interface 1/0/15 (Netgear Switch) (Interface 1/0/15)#routing (Netgear Switch) (Interface 1/0/15)#ip address 10.200.1.1 255.255.255.0 (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 640
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select down and select the Port 1/0/15 check box. c. In the IP Address Configuration Method field, enter Manual. d. In the IP Address field, enter 10.200.1.1. e. In the Subnet Mask field, enter - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 641
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under IP Interface Configuration, scroll down and select the Port 1/0/16 check box. c. In the IP Address Configuration Method field, enter Manual. d. In the IP Address field, enter 10.200.2.1. e. In the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 642
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Server Address field, enter 10.100.1.1. c. In the UDP Port field, enter dhcp. d. Click Add to save the settings. DHCP L2 Relay and L3 Relay 642 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 643
32 MLD Multicast Listener Discovery This chapter includes the following sections: • Multicast Listener Discovery Concepts • Configure MLD • MLD Snooping 643 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 644
M4300 Series and M4300-96X Fully Managed Switches Multicast Listener Discovery Concepts Multicast Listener Discovery (MLD) protocol enables IPv6 routers to discover multicast listeners, the nodes that are configured to receive multicast data - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 645
M4300 Series and M4300-96X Fully Managed Switches CLI: Configure MLD MLD on Switch A (Netgear Switch) #configure (Netgear Switch) (Config)#ipv6 router ospf (Netgear Switch) (Config-rtr)#router-id 1.1.1.1 (Netgear Switch) (Config)#exit (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) ( - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 646
M4300-96X Fully Managed Switches 3. Enable IPv6 MLD on the switch. (Netgear Switch) (Config)#ipv6 mld router 4. Enable IPv6 PIM-DM on the switch. (Netgear Switch) (Config)#ipv6 pim dense 5. Enable IP multicast forwarding on the switch. (Netgear Switch) (Config)#ip routing (Netgear Switch Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 647
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure MLD MLD on Switch A 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Advanced > Interface Configuration. A screen similar to the following displays. MLD 647 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 648
Series and M4300-96X Fully Managed Switches b. Scroll down and select the Interface 1/0/1 and 1/0/13 check boxes. c. Enter the following information: > Advanced > Prefix Configuration. A screen similar to the following displays. b. Select Interface 1/0/13. MLD 648 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 649
M4300 Series and M4300-96X Fully Managed Switches c. Enter the following information: • In the IPv6 Prefix field, enter 2001:2::1. • In the Prefix Length save the settings. 8. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. MLD 649 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 650
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 9. 1/0/1 and 1/0/13. a. Select Routing > IPv6 Multicast > IPv6 PIM > Interface Configuration. MLD 650 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 651
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/1 and 1/0/13 check boxes. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. MLD on Switch B 1. Enable IP routing on the switch. a. - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 652
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. c. Click Apply Assign an IPv6 address to 1/0/21. a. Select Routing > IPv6 > Advanced > Prefix Configuration. MLD 652 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 653
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface field, select 1/0/21. c. Enter the following information the router ID of OSPFv3. a. Select Routing > OSPFv3 > Basic > OSPFv3 Configuration. MLD 653 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 654
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Router ID field, enter 2.2.2.2. c. For Admin Mode, select the to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. MLD 654 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 655
Series and M4300-96X Fully Managed Switches 9. Enable PIM-DM globally. a. Select Routing > IPv6 Multicast > IPv6 PIM > Global Configuration. Apply to save the settings. 11. Enable MLD on the switch. a. Select Routing > IPv6 Multicast > MLD > Global Configuration. MLD 655 Software Administration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 656
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 12. Enable MLD on field at the top. c. In the Admin Mode field, select Enable. d. Click Apply. MLD 656 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 657
1/0/24)#vlan pvid 300 (Netgear Switch) (Interface 1/0/24)#exit (Netgear Switch) (Config)#exit (Netgear Switch) (Config)#set mld (Netgear Switch) (Config)#exit (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#set mld 300 (Netgear Switch) (Vlan)#exit MLD 657 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 658
M4300-96X Fully Managed Switches 2. Enable MLD snooping on VLAN 300. (Netgear Switch) #show mldsnooping Admin Mode Enable Multicast Control Frame Count 0 Interfaces Enabled for MLD Snooping None VLANs enabled for MLD snooping 300 (Netgear Switch VLAN 300. a. Select Switching > VLAN > Advanced > - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 659
M4300 Series and M4300-96X Fully Managed Switches c. Click Unit 1. The ports display. d. Click the gray boxes under ports 1 and 24 until U displays. The U specifies that the egress packet is untagged for the port. e. Click Apply. 3. Assign PVID to ports 1/0/1 and 1/0/24. a. Select Switching Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 660
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 300. • In the Admin Mode field, select Enable. 6. Click Add. MLD 660 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 661
33 DVMRP Distance Vector Multicast Routing Protocol This chapter includes the following sections: • Distance Vector Multicast Routing Protocol Concepts • CLI: Configure DVMRP • Local Browser Interface: Configure DVMRP 661 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 662
M4300 Series and M4300-96X Fully Managed Switches Distance Vector Multicast Routing Protocol Concepts The Distance Vector Multicast Routing Protocol (DVMRP) is used for multicasting over IP networks without routing protocols to support multicast. The DVMRP is based on the RIP protocol but more - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 663
M4300 Series and M4300-96X Fully Managed Switches CLI: Configure DVMRP DVMRP on Switch A 1. Create routing interfaces 1/0/1, 1/0/13, and 1/0/21. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 664
M4300 Series and M4300-96X Fully Managed Switches 4. Enable DVMRP mode on the interfaces 1/0/1, 1/0/13, and 1/0/21. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#ip dvmrp (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 665
Series and M4300-96X Fully Managed Switches (Netgear Switch) #show ip mcast mroute summary Multicast Route Table Summary Incoming Source IP Group IP Protocol Interface 192.168.1.2 225.0.0.1 DVMRP 1/0/1 Outgoing Interface List 1/0/21 DVMRP on Switch B 1. Create routing ports 1/0/13 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 666
M4300 Series and M4300-96X Fully Managed Switches (Netgear Switch) #show ip dvmrp neighbor Interface 1/0/13 Neighbor IP Address 11441 Received Routes 0 Received Bad Packets 0 Received Bad Routes 0 (Netgear Switch) #show ip mcast mroute detail summary Source IP Multicast Route Table Summary - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 667
M4300 Series and M4300-96X Fully Managed Switches DVMRP on Switch C: 1. Create routing interfaces 1/0/11, 1/0/3, and 1/0/24. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip interface 1/0/11 (Netgear Switch) (Interface 1/0/11)#ip routing (Netgear Switch) ( - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 668
M4300-96X Fully Managed Switches 6. Enable IGMP mode on the interface 1/0/24. (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#ip igmp (Netgear Switch) (Interface 1/0/24)#exit (Netgear Switch 0 Received Bad Routes 0 (Netgear Switch) #show ip mcast mroute detail - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 669
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure DVMRP DVMRP on Switch A 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A a. Select Routing > IP > Advanced > IP Interface Configuration. DVMRP 669 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 670
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Port Enable. d. Click Apply to save the settings. 5. Enable IP multicast on the switch. a. Select Routing > Multicast > Global Configuration. DVMRP 670 Software Administration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 671
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 6. Enable DVMRP on the switch. a. Select Routing boxes. c. In the Interface Mode field, select 300. DVMRP 671 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 672
Series and M4300-96X Fully Managed Switches d. Click Apply to save the settings. DVMRP on Switch B 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen Select Routing > IP > Advanced > IP Interface Configuration. DVMRP 672 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 673
Series and M4300-96X Fully Managed Switches A Click Apply to save the settings. 4. Enable IP multicast on the switch. a. Select Routing > Multicast > Global Configuration. A screen similar to . c. Click Apply. 5. Enable DVMRP on the switch. a. Select Routing > Multicast > DVMRP > Global Configuration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 674
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the field, select Enable. d. Click Apply to save the settings. DVMRP on Switch C 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 675
Series and M4300-96X Fully Managed Switches 2. Configure 1/0/11 as a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. DVMRP 675 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 676
Series and M4300-96X Fully Managed Switches A screen Click Apply to save the settings. 5. Enable IP multicast on the switch. a. Select Routing > Multicast > Global Configuration. A screen similar to button. c. Click Apply. 6. Enable DVMRP on the switch. a. Select Routing > Multicast > DVMRP > Global - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 677
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 7. IGMP on the interface. a. Select Routing > Multicast > IGMP > Routing Interface Configuration. DVMRP 677 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 678
Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/24 check box. Now 1/0/24 appears in the Interface field at the top. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. DVMRP 678 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 679
34 PTP End-to-End Transparent Clock Manage Precision Time Protocol This chapter includes the following sections: • PTP Concepts • PTP Time Stamp Operation • PTP Transparent Clocks • Manage the PTP End-to-End Transparent Clock 679 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 680
Series and M4300-96X Fully Managed Switches PTP Concepts Precision Time Protocol (PTP, IEEE to a grandmaster clock through an exchange of packets across the network. The switch supports PTP end-to-end transparent clock, which is enabled by default, both Clock 680 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 681
M4300-96X Fully Managed Switches supports the PTP firmware and is sent in a separate message. The M4300 series switches do not support supports only the following three types of PTP event packets: Sync, Delay_Req, and Delay_Resp. PTP End-to-End Transparent Clock 681 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 682
M4300 Series and M4300-96X Fully Managed Switches Of these three PTP event type packets, the switch can update the PTP packet correction field only for Sync and Delay_Req. A Delay_Resp PTP packet passes through the switch without modification. • The switch does not detect and modify other PTP event - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 683
M4300-96X Fully Managed Switches CLI: Reenable PTP End-to-End Transparent Clock for an Interface (Netgear Switch) #configure (Netgear Switch) (Config)#interface 1/1/1 (Netgear Switch) (Interface 1/1/1)#ptp clock e2e-transparent CLI: Display the PTP End-to-End Transparent Clock Status (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 684
35 Link Dependency Configure Link State Groups This chapter includes the following sections: • Link Dependency Concepts • CLI: Create a Link State Group • Local Browser Interface: Create a Link State Group 684 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 685
Series and M4300-96X Fully Managed Switches Link Dependency Concepts Link dependency enables or disables ports in a group based on the link state of another link state group if such a configuration causes circular dependencies between groups. Link Dependency 685 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 686
M4300 Series and M4300-96X Fully Managed Switches CLI: Create a Link State Group 1. Create a link state group with group number 1. (Netgear Switch) (Config)#link state group 1 action down 2. Configure port 1/0/1 as an upstream link. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) ( - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 687
Series and M4300-96X Fully Managed Switches Local Browser Interface: Create a Link State Group 1. Configure the action for link state group with group > Link Dependency Interface Configuration. A screen similar to the following displays. Link Dependency 687 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 688
Series and M4300-96X Fully Managed Switches b. Select the check box to the left of interface 1/0/1. 1/0/1 displays in the Interface field of the table heading. c. Interface menu, select True. d. Click the Apply button. Your settings are saved. Link Dependency 688 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 689
36. Captive Portals: Captive portals and client authentication. This chapter includes the following sections: • Captive Portal Concepts • Captive Portal Configuration Concepts • Enable a Captive Portal • Client Access, Authentication, and Control • Block a Captive Portal Instance • Local - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 690
M4300-96X Fully Managed Switches supports both port (in support of HTTP to the switch to be authenticated . The switch forwards these CPU on the switch for all the ports the switch. switch. It is not supported switch, but instead asks the switch switch so that the client can authenticate with the switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 691
Series and M4300-96X Fully Managed Switches Captive Portal Configuration Concepts This chapter introduces the objects that make up the captive portal and describes the interaction between the captive portal and the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 692
Series and M4300-96X Fully Managed Switches Local Browser Interface: Enable a Captive Portal 1. Enable captive portal on the switch. a. Select Security > Control > Captive Portal > Security > Controls > Captive Portal > CP Binding Configuration. Captive Portals 692 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 693
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the CP ID list, select 1. c. Click configuration. Block a Captive Portal Instance CLI: Block a Captive Portal Instance (Netgear Switch)(Config-CP 1)#block Captive Portals 693 Software Administration - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 694
Series and M4300-96X Fully Managed Switches Local Browser Interface: Block a Captive Portal Instance 1. Select Security > Control > Create a group whose group ID is 2. (Netgear Switch) #config (Netgear Switch) (config)#captive-portal (Netgear Switch)(Config-CP)# user group 2 Captive Portals 694 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 695
Series and M4300-96X Fully Managed Switches 2. Create a user whose name is user1. (Netgear Switch) (Config-CP)#user 2 name user1 3. Configure the user's password. (Netgear Switch) ( Security > Control > Captive Portal > CP User Configuration. Captive Portals 695 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 696
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Enter the following information: • In the User ID Field, enter 2. • In the User in the ID column and are comma delimited (vendor ID, attribute ID). Captive Portals 696 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 697
M4300 Series and M4300-96X Fully Managed Switches Table 5. RADIUS Attributes for Configuring Captive Portal Users RADIUS Configure RADIUS as the Verification Mode (Netgear Switch) (Config-CP 1)#radius-auth-server Default-RADIUS-Server (Netgear Switch) (Config-CP 1)#verification radius Captive - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 698
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure RADIUS as the Verification Mode 1. Select Security > Control > Captive Portal > CP Configuration. instance status will show Disabled with an appropriate reason code. Captive Portals 698 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 699
37. iSCSI: Internal Small Computer System Interface. This chapter includes the following sections: • iSCSI Concepts • Enable iSCSI Awareness with VLAN Priority Tag • Enable iSCSI Awareness with DSCP • Set the iSCSI Target Port • Show iSCSI Sessions 699 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 700
Series and M4300-96X Fully Managed Switches iSCSI Concepts The Internal Small Service parameters for the queue chosen in order to complete the setting. The following figure shows an example of iSCSI implementation. Figure 66. Sample iSCSI implementation iSCSI 700 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 701
Series and M4300-96X Fully Managed Switches Enable iSCSI Awareness (Netgear Switch) #config (Netgear Switch) (Config) #iscsi enable (Netgear Switch) (Config) #iscsi cos vpt 5 (Netgear Switch) (Config) #iscsi aging time 10 (Netgear Switch) the settings. iSCSI 701 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 702
M4300-96X Fully Managed Switches Enable iSCSI Awareness with DSCP The example is shown as CLI commands and as local browser interface procedure. CLI: Enable iSCSI Awareness with DSCP Use the following commands to enable iSCSI awareness, select DSCP, and set DSCP queue number and aging time. (Netgear - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 703
Series and M4300-96X Fully Managed Switches Set the iSCSI Target Port When working with iSCSI that does not use the standard IANA assigned iSCSI ports (3260/860), NETGEAR recommends that you specify the target IP address. Then, the switch snoops frames only if the TCP destination port is one of - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 704
M4300-96X Fully Managed Switches Show iSCSI Sessions The example is shown as CLI commands and as local browser interface procedure. CLI: Show iSCSI Sessions Use the following commands to show iSCSI sessions and session details: (Netgear Switch TCP Port 3260 (Netgear Switch) # The command - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 705
Series and M4300-96X Fully Managed Switches Local Browser Interface: Show iSCSI Sessions 1. Show iSCSI sessions. a. Select Switching > iSCSI > Advanced > Sessions. A screen similar to the following displays. 2. Click Refresh. 3. Show the iSCSI session details. a. Select Switching > iSCSI > Advanced - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 706
38. Override Factory Defaults: Use another factory default configuration file. This chapter includes one section: • Override the Factory Default Configuration File 706 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 707
and M4300-96X Fully Managed Switches Override the Factory Default Configuration File NETGEAR managed switches support a single Management access will be blocked for the duration of the transfer. please wait... File transfer successful.. Override Factory Defaults 707 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 708
M4300 Series and M4300-96X Fully Managed Switches CLI: Erase the Old Factory Default Configuration File 1. Erase the old factory default configuration file from the switch. (Netgear Switch) #erase factory-default 2. Reload the switch. The new factory default configuration file (that is, the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 709
39. NETGEAR SFP: Small form-factor pluggables. This chapter includes one section: • Connect with a NETGEAR AGM731F SFP 709 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 710
M4300 Series and M4300-96X Fully Managed Switches Connect with a NETGEAR AGM731F SFP Cisco provides a way to support third-party small form-factor pluggables (SFPs). For example, a NETGEAR AGM731F SFP can function between a Cisco switch and a NETGEAR switch. 1. Before connecting the NETGEAR switch - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 711
40. Expandable Ports Configuration: APM402XL Port Card. This chapter includes one section: • Expand a 40G Port on an APM402XL Port Card to Four 10G Ports 711 - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 712
Series and M4300-96X Fully Managed Switches Expand a 40G Port on an APM402XL Port Card to Four 10G Ports The APM402XL port card provides two 40G ports in which you can install QSFP+ interface modules. You can expand each single 40G port to four 10G ports. The total number of supported ports on the - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 713
M4300 Series and M4300-96X Fully Managed Switches 2. Select port 1/7/1. Port 1/7/1 displays in the 40G Interface field of the table heading. 3. From the Configured Mode menu, select 4x10G. 4. Click the Apply button. Expandable Ports Configuration 713 Software Administration Manual - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 714
Resolution Protocol) dynamic inspection 345 proxy feature 161 authentication manager 380 authentication, captive portal 693 authorization, privileged EXEC switch stack firmware 464 compatible mode, MVR 303 configuration files, switch stacks 464 configuration scripting 418 CoS (Class of Service - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 715
Series and M4300-96X Fully Managed Switches DVMRP (Distance Vector Multicast Routing Protocol) 662 Dynamic ARP Explicit Congestion Notification (ECN) 287 F factory defaults, overriding 707 firmware and firmware mismatch, switch stacks 455 G GARP (Generic Attribute Registration Protocol) 56 groups - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 716
Series and M4300-96X Fully Managed Switches O organizationally unique identifier (OUI) 267 OSPF (Open Shortest Path ) 266 scheduler mode, strict priority 236 scripting, configuration 418 security, ports 317 service, DiffServ 242 Session Initiation Protocol (SIP) 266 session limit and time-out, - Netgear XSM4324CS | Software Administration Manual Software Version 12.x - Page 717
M4300 Series and M4300-96X Fully Managed Switches subnet-based VLANs 41 switch port modes 70 switch stacks 450 system logging (syslog), logging, CoS 232 tunnels, IPv6 537 U untrusted ports, CoS 233 upgrading firmware, switch stacks 455 users, captive portal 694 V Virtual Router Redundancy Protocol
NETGEAR, Inc.
350 East Plumeria Drive
San Jose, CA 95134, USA
September 2019
202-11996-01
Software Administration Manual
M4300 Intelligent Edge Series
Fully Managed Stackable Switches
Software Version 12.0.8
M4300 Series Switches
M4300-96X Modular Switch