Netgear XSM4324FS Software Administration Manual Software Version 12.x
Netgear XSM4324FS manual content summary:
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 1
Software Administration Manual M4300 Intelligent Edge Series Fully Managed Stackable Switches Software Version 12.0.8 M4300 Series Switches M4300-96X Modular Switch September 2019 202-11996-01 NETGEAR, Inc. 350 East Plumeria Drive San Jose, CA 95134, USA - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 2
M4300-96X Fully Managed Switches Support Thank you for purchasing this NETGEAR product. You can visit https://www.netgear.com/support/ to register your product, get help, access the latest downloads and user manuals, and join our community. We recommend that you use only official NETGEAR support - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 3
Series and M4300-96X Fully Managed Switches Chapter 1 Documentation Resources Chapter 2 LAGs Link Aggregation Concepts 21 Add Ports to LAGs 22 Private-VLAN Types (Primary, Isolated, Community 63 CLI: Assign Private-VLAN Type (Primary, Isolated, Community 63 3 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 4
Series and M4300-96X Fully Managed Switches Local Browser Interface: Assign Private-VLAN Type (Primary, Isolated, Community 63 Configure Private-VLAN Association 65 and the Switch 93 Local Browser Interface: Set Up VLAN Routing for the VLANs and the Switch 94 4 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 5
Series and M4300-96X Fully Managed Switches Chapter Configure VLAN Routing with RIP Support 102 CLI: Configure VLAN Routing with RIP Support 103 Local Browser Interface: Configure VLAN Routing with RIP Support 104 Chapter 7 OSPF Open Routing Concepts 155 5 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 6
Series and M4300-96X Fully Managed Switches Route-Map Statements 155 PBR Processing Logic 156 PBR Configurations 158 PBR Example 158 Local Browser Interface: Configure ACL Mirroring 210 Configure ACL Redirection 213 CLI: Redirect a Traffic Stream 214 6 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 7
and M4300-96X Service 234 CLI: Show the Trust Mode for a Class of Service 234 Local Browser Interface: Show the Trust Mode for a Class of Service 234 Set the Trust Mode for a Class of Service Traffic Shaping 239 Chapter 13 DiffServ Differentiated Services Concepts 242 DiffServ 243 CLI: Configure - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 8
Series and M4300-96X Fully Managed Switches Local Browser Interface: Diffserv for VoIP 261 Auto VoIP 266 Protocol-Based Auto VoIP 266 OUI-Based Show IGMP Querier Status 300 Chapter 15 MVR Multicast VLAN Registration 302 Configure MVR in Compatible Mode 303 8 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 9
M4300 Series and M4300-96X Fully Managed Switches CLI: Configure MVR in Compatible Mode 304 Local Browser Interface: Configure MVR in Compatible Mode . . . Local Browser Interface: Find a Rogue DHCP server 357 Enter Static Binding into the Binding Database 359 9 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 10
M4300 Series and M4300-96X Fully Managed Switches CLI: Enter Static Binding into the Binding Database 359 Local Browser Interface: Enter Static Binding the Authentication Time for MAB 407 Local Browser Interface: Reduce the Authentication Time for MAB . 407 10 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 11
Series and M4300-96X Fully Managed Switches Chapter 18 SNTP Simple Network Time Protocol Concepts 409 Show SNTP (CLI Only 409 show sntp and Automatic Error Recovery 433 Loop Protection 435 Nondisruptive Configuration Management 437 Full Memory Dump 438 11 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 12
Series and M4300-96X Fully Managed Switches Chapter 20 Alerting 448 CLI: Send Log Messages to [email protected] Using Account [email protected] 449 Chapter 21 Switch Stacks Switch Stack Management and Connectivity 451 Stack Master : Renumber Stack Members 466 12 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 13
M4300 Series and M4300-96X Fully Managed Switches Local Browser Interface: Renumber Stack Members Interface: Specify Two DNS Servers 482 Manually Add a Host Name and an IP Address 482 CLI: Manually Add a Host Name and an IP Address 482 Local Browser Interface: Manually Add a Host Name and an IP - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 14
Series and M4300-96X Fully Managed Switches Chapter 25 DHCPv6 Server Dynamic Host Configuration Protocol Version 6 Concepts 492 CLI: Configure DHCPv6 CLI: Create a 6in4 Tunnel 538 Local Browser Interface: Create a 6in4 Tunnel 539 Create a 6to4 Tunnel 543 14 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 15
Series and M4300-96X Fully Managed Switches CLI: Create a 6to4 Tunnel 544 Local Browser Interface: Create a 6to4 Tunnel 549 Chapter 29 IPv6 MLD Snooping 658 Chapter 33 DVMRP Distance Vector Multicast Routing Protocol Concepts 662 CLI: Configure DVMRP 663 15 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 16
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure DVMRP 669 Chapter 34 PTP End-to-End Transparent Clock PTP Concepts 680 with VLAN Priority Tag 701 Enable iSCSI Awareness with DSCP 702 CLI: Enable iSCSI Awareness with DSCP 702 16 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 17
Series and M4300-96X Fully Managed Switches : Erase the Old Factory Default Configuration File 708 Chapter 39 NETGEAR SFP Connect with a NETGEAR AGM731F SFP 710 Chapter 40 Expandable Ports Configuration Expand a 40G Port to Four 10G Ports . . . . . 712 Index 17 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 18
Reference Manual - M4300 Intelligent Edge Series Fully Managed Stackable Switches User Manual - M4300 Intelligent Edge Series Fully Managed Stackable Switches Software Setup Manual Note: For more information about the topics covered in this manual, visit the support website at netgear.com/support - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 19
from time to time at netgear.com/support/download/. Some products can regularly check the site and download new firmware, or you can check for and download new firmware manually. If the features or behavior of your product does not match what is described in this guide, you might need to update - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 20
Chapter 2 LAGs Link Aggregation Groups This chapter includes the following sections: • Link Aggregation Concepts • Add Ports to LAGs 20 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 21
Series and M4300-96X Fully Managed Switches Link Aggregation Concepts Link aggregation allows the switch to treat multiple physical links between two LAG produces a twofold or fivefold increase, which is useful if only a small increase is needed. LAGs 21 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 22
M4300 Series and M4300-96X Fully Managed Switches Add Ports to LAGs The example is shown as CLI commands and as a local browser interface procedure. CLI: Add Ports to the LAGs (Netgear Switch) #config (Netgear Switch) (Config)#interface 0/2 (Netgear Switch) (Interface 0/2)#addport 1/1 (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 23
Series and M4300-96X Fully Managed Switches d. Click the gray boxes under port 2 and 3. Two check marks display in the box. e. Click the Apply the gray boxes under ports 8 and 9. Two check marks display in the boxes. e. Click Apply to save the settings. LAGs 23 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 24
Chapter 3 VLANs Virtual LANs This chapter includes the following sections: • VLAN Concepts • Create Two VLANs • Assign Ports to VLAN 2 • Create Three VLANs • Assign Ports to VLAN 3 • Assign VLAN 3 as the Default VLAN for Port 1/0/2 • Create a MAC-Based VLAN • Create a Protocol-Based VLAN • Virtual VLANs: - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 25
M4300 Series and M4300-96X Fully Managed Switches VLAN Concepts Adding virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like VLAN 20 Figure 2. Switch with 4 ports configured for traffic from 2 VLANs VLANs 25 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 26
Series and M4300-96X Fully Managed Switches The IDs while leaving the names blank. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2 (Netgear Switch) (Vlan)#vlan 3 (Netgear Switch) (Vlan)#exit Local Browser Interface: Static. c. Click Add. VLANs 26 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 27
2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan acceptframe vlanonly (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan pvid 2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#exit (Netgear Switch) (Config)#vlan port tagging all 2 (Netgear Switch) (Config)# VLANs 27 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 28
Series and M4300-96X Fully Managed Switches Local Browser Interface: Assign Ports to VLAN 2 1. Assign ports to VLAN2. a. Select Switching > VLAN > Advanced select the check box for Interface 1/0/1. Then scroll down and select the Interface 1/0/2 check box. VLANs 28 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 29
Series and M4300-96X Fully Managed Switches c. Enter the following information: blank. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 100 (Netgear Switch) (Vlan)#vlan 101 (Netgear Switch) (Vlan)#vlan 102 (Netgear Switch) ( ID field, enter 100. VLANs 29 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 30
Series and M4300-96X Fully Managed Switches • In the VLAN Name field, enter VLAN100. c. Click Add. 2. Create VLAN101. a. Select Switching > VLAN > similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 102. VLANs 30 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 31
Series and M4300-96X Fully Managed Netgear Switch) (conf-if-range-1/0/2-1/0/4)#exit (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface 1/0/4)#vlan acceptframe all (Netgear Switch) (Interface 1/0/4)#exit (Netgear and 4 until T displays. VLANs 31 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 32
Series and M4300-96X Fully Managed Switches The T specifies that the Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#vlan pvid 3 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#exit VLANs 32 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 33
M4300 Series and M4300-96X Fully Managed Switches Local Browser Interface: Assign VLAN 3 as the Default VLAN for Port 1/0/2 1. Select Switching > VLAN > Advanced > Port can configure a MAC address mapping to a VLAN that has not been created on the system. VLANs 33 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 34
Series and M4300-96X Fully Managed Switches CLI: Create a MAC-Based VLAN 1. Create VLAN3. (Netgear Switch)#vlan database (Netgear Switch)(Vlan)#vlan 3 (Netgear Switch)(Vlan)#exit 2. Add port 1/0/23 to VLAN3. (Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/23 (Netgear Switch)(Interface - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 35
Series and M4300-96X Fully Managed Switches Local Browser Interface: Assign a MAC-Based VLAN 1. Create VLAN3. a. Select Switching > VLAN > Basic > VLAN to the following displays. b. In the VLAN ID list, select 3. c. Click Unit 1. The ports display. VLANs 35 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 36
Series and M4300-96X Fully Managed Switches d. Click the gray box before Unit 1 until U displays. e. Click Apply. 3. Assign PVID 3 to port 1/0/23. a. Select Switching > field, enter 00:00:0A:00:00:02. • In the PVID (1 to 4093) field, enter 3. c. Click Add. VLANs 36 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 37
Series and M4300-96X Fully Managed Netgear Switch)#vlan database (Netgear Switch)(Vlan)#vlan 4 (Netgear Switch)(Vlan)#vlan 5 (Netgear Switch)(Vlan)#protocol group 1 4 4. Assign VLAN protocol group 2 to VLAN 5. (Netgear Switch)(Vlan)#protocol group 2 5 VLANs 37 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 38
M4300-96X Fully Managed Switches 5. Enable protocol VLAN group 1 and 2 on the interface. (Netgear Switch)(Vlan)#exit (Netgear Switch)#config (Netgear Switch)(Config)#interface 1/0/11 (Netgear Switch)(Interface 1/0/11)#protocol vlan group 1 (Netgear . VLANs 38 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 39
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Enter the following information: In the VLAN ID field, enter ID field, enter 1. • In the Group Name field, enter vlan_ipx. • In the Protocol list, enter ipx. VLANs 39 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 40
Series and M4300-96X Fully Managed Switches • In the VLAN ID field, enter 4. b. Click Add. 3. Create the protocol-based VLAN group vlan_ip. a. Switching > VLAN > Advanced > Protocol Based VLAN Group Membership. A screen similar to the following displays. VLANs 40 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 41
Series and M4300-96X Fully Managed Switches b. In the Group ID list, select 1. c. Click the gray box under port 11. A check mark displays in the box. of a packet. Appropriate 802.1Q VLAN configuration must exist in order for the packet to be switched. VLANs 41 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 42
Series and M4300-96X Fully Managed Switches 1/0/1 Switch 1/0/24 PC 1 10.100.5.1 Figure 3. IP subnet-based VLAN CLI: Create an IP Subnet-Based VLAN PC 2 10.100.5.30 (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) (Vlan)#vlan association subnet 10.100.0.0 255 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 43
Series and M4300-96X Fully Managed Switches Local Browser Interface: Create an IP Subnet-Based VLAN 1. Create VLAN 2000. a. Select Switching > VLAN > select 2000. c. Click Unit 1. The ports display. d. Click the gray box before Unit 1 until U displays. VLANs 43 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 44
Series and M4300-96X Fully direct attack on voice components. The switch can be configured to support voice VLAN on a port connecting to a VoIP phone. When . The two types of traffic are therefore segregated so that better service can be provided to the voice traffic. When a dot1p priority Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 45
M4300 Series and M4300-96X Fully Managed Switches Regular data arriving on the switch is given the default priority of the port (default 0), and the voice traffic is received with higher priority. This segregates both the traffic to provide better service , user needs to manually configure it. This - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 46
Series and M4300-96X Fully Managed Switches Voice VLAN Interoperation with Auto-VoIP This section describes a situation in which both the voice VLAN and Auto- ). Because the LLDP exchange did not occur, the voice VLAN is passive and the Auto-VoIP is active. VLANs 46 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 47
M4300 Series and M4300-96X Fully Managed Switches However, if automatically create data a VLAN. If you use a separate data VLAN, the voice VLAN supports segregation and separation of voice traffic from data traffic. The priority that is set in the page 266. VLANs 47 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 48
Series and M4300-96X Fully Managed Switches PBX 1/0/1 Switch 1/0/2 1/0/3 VoIP phone VoIP Voice VLAN and Prioritize Voice Traffic 1. Create VLAN 10. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#exit VLANs 48 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 49
M4300 Series and M4300-96X Fully Managed Switches 2. Include the ports 1/0/1 and 1/0/2 in VLAN 10. (Netgear Switch) (Config)#interface range 1/0/1-1/0/2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan participation include 10 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)#vlan tagging 10 (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 50
M4300-96X Fully Managed Switches 9. Assign it to interfaces 1/0/1 and 1/0/2. (Netgear Switch) (Config)#interface range 1/0/1-1/0/2 (Netgear Switch) (conf-if-range-1/0/1-1/0/2)# service in VLAN 10. a. Select Switching > VLAN > Advanced > VLAN Membership. VLANs 50 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 51
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the VLAN Membership table, in the VLAN ID list, select the 1/0/2 check box. c. In the Interface Mode list, select VLAN ID. d. In the Value field, enter 10. VLANs 51 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 52
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Click Apply. Note: The following steps are optional. Configure matching criteria for the class as VLAN 10. a. Select QoS > DiffServ > Advanced > Class Configuration. VLANs 52 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 53
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click the class ClassVoiceVLAN. c. In the e. Click Apply. 7. Create the DiffServ policy PolicyVoiceVLAN. a. Select QoS > DiffServ > Advanced > Policy Configuration. VLANs 53 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 54
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Policy Name field, enter PolicyVoiceVLAN. Advanced > Policy Configuration. A screen similar to the following displays. b. Click the Policy PolicyVoiceVLAN. VLANs 54 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 55
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. c. In the field next to the Assign Queue radio button, select 3. d. Click Apply. 9. Assign it to interfaces 1/0/1 and 1/0/2. a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 56
Netgear Switch) (Interface 1/0/24)#vlan tagging 1000,2000,3000 2. On Switch A, enable GVRP. (Netgear Switch) #set gvrp adminmode (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#set gvrp interfacemode VLANs 56 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 57
Series and M4300-96X Fully Managed Switches 3. On Switch B, enable GVRP. (Netgear Switch) #set gvrp adminmode (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/11 (Netgear Switch) (Interface Untagged 1/0/16 Exclude Autodetect Untagged VLANs 57 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 58
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure GVRP on switch A 1. On Switch A, create VLANs 1000, 2000, and 3000: a. Select Switching b. Click Unit 1. The ports display. c. Click the gray box under port 24 until T displays. VLANs 58 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 59
Series and M4300-96X Fully Managed Switches T specifies that the switch tags egress packets for port 24. d. Click Apply. 3. Enable GVRP globally: a. Select box that corresponds to interface 1/0/24. The Interface field in the table heading displays 1/0/24. VLANs 59 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 60
M4300 Series and M4300-96X Fully Managed Switches c. From the Port GVRP Mode menu, select Enable. d. Click Apply. Local Browser Interface: : a. Select Switching > VLAN > Advanced > GARP Port Configuration. A screen similar to the following displays. VLANs 60 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 61
M4300 Series and M4300-96X Fully Managed Switches b. Scroll down and select the check box that corresponds to interface 1/0/11. The Interface field in through inter-switch/stack links that transport primary, community, and isolated VLANs between devices. VLANs 61 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 62
Series and M4300-96X Fully Managed Switches Figure 8. Private VLANs The following figure illustrates the private VLAN traffic flow. Five ports A, B, C, D, and E make up paths in the private VLAN domain. Figure 9. Packet flow within a Private VLAN domain VLANs 62 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 63
Series and M4300-96X Fully Managed Netgear Switch) #config (Netgear Switch) (Config)#vlan 100 (Netgear Switch) (Config)(Vlan) #private-vlan primary (Netgear Switch) (Config)(Vlan) #exit (Netgear Switch) (Config)#vlan 101 (Netgear to the following displays. VLANs 63 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 64
Series and M4300-96X Fully Managed Switches b. Under Private VLAN Type Configuration, select the VLAN ID 100 check box. Now 100 Select Security > Traffic Control > Private VLAN > Private VLAN Type Configuration. A screen similar to the following displays. VLANs 64 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 65
Series and M4300-96X Fully Managed Switches b. Under Private -102 (secondary VLAN) to VLAN 100 (primary VLAN). (Netgear Switch) (Netgear Switch) (Netgear Switch) (Netgear Switch) #config (Config)#vlan 100 (Config)(Vlan) #private select the VLAN ID 100. VLANs 65 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 66
Series and M4300-96X Fully Managed Switches c. In the Secondary VLAN port mode. (Netgear Switch) (Netgear Switch) (Netgear Switch) (Netgear Switch) (Netgear Switch) (Netgear Switch) (Netgear Switch) #config VLAN > Private VLAN Port Mode Configuration. VLANs 66 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 67
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Private VLAN Port Mode Configuration, select the 1/0/1 the Port VLAN Mode field, select Host from the menu. d. Click Apply to save the settings. VLANs 67 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 68
Series and M4300-96X Fully Managed Switches Configure Private-VLAN =102). (Netgear Switch) (Netgear Switch) (Netgear Switch) 100 101 (Netgear Switch) (Netgear Switch) (Netgear Switch) 100 102 (Netgear Switch) # 1/0/2 and 1/0/3 interface check box. VLANs 68 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 69
Series and M4300-96X Fully Managed Switches c. In the Host Primary VLAN field, enter 100. a primary VLAN (100) and to secondary VLANs (101-102). (Netgear Switch) (Netgear Switch) (Netgear Switch) (Netgear Switch) #config (Config)#interface 1/0/1 (Interface 1/0/1)#switchport private-vlan mapping - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 70
M4300 Series and M4300-96X Fully Managed Switches Local Browser Interface: Map Private-VLAN Promiscuous Port 1. Map private-VLAN promiscuous port 1/0/1 to a primary VLAN mode and does not restrict the configuration so you can configure the port as needed. VLANs 70 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 71
Series and M4300-96X Fully Managed Switches The switch supports the following switch port modes, each with designated as general mode ports and belong to the default VLAN. - Ports conform to NETGEAR legacy switch behavior for switch ports. - You configure various VLAN parameters such as membership, - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 72
. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#switchport mode access (Netgear Switch) (Interface 1/0/2)#switchport access vlan 2000 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)# VLANs 72 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 73
and M4300-96X Fully Managed Switches 4. Configure port 1/0/3 as a trunk port. (Netgear Switch) (Interface 1/0/3)#switchport mode trunk (Netgear Switch) (Interface 1/0/3)#switchport trunk allowed vlan 1000,2000 5. Configure all incoming untagged packets to be tagged with the native VLAN ID. (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 74
M4300 Series and M4300-96X Fully Managed Switches d. In the VLAN ID field, enter 2000. e. Click Add. 2. Configure port 1/0/1 as an access Configuration. A screen similar to the following displays. b. Select the check box that corresponds to interface 1/0/1. VLANs 74 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 75
M4300 Series and M4300-96X Fully Managed Switches The Interface field in the table heading displays 1/0/1. c. In the Switchport Mode field, a. Select Switching > VLAN > Advanced > VLAN Trunking Configuration. A screen similar to the following displays. VLANs 75 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 76
Series and M4300-96X Fully Managed Switches b. Select the check box that corresponds to interface 1/0/3. The Interface field in the table heading displays 1/0/3. , ignore this step. e. In the Trunk Allowed VLANs field, enter 1000,2000. f. Click Apply. VLANs 76 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 77
Chapter 4 Port Routing Port routing, default routes, and static routes This chapter includes the following sections: • Port Routing Concepts • Port Routing Configuration • Enable Routing for the Switch • Enable Routing for Ports on the Switch • Add a Default Route • Add a Static Route 77 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 78
M4300-96X Fully Managed Switches Port Routing Concepts The first networks were small enough for the end stations to communicate directly. As networks grew, Layer 2 bridging was used to segregate traffic, a technology that worked well for unicast traffic, but had problems always supports Layer Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 79
and M4300-96X commands that you use to configure the switch to provide the port routing support shown in Figure 11, Layer 3 switch configured for port routing on IP forwarding by default. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#exit Port - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 80
Series and M4300-96X Fully Managed Switches Local Browser Interface: Enable Routing for the Switch 1. Select Routing > IP > Basic > IP Configuration. A screen similar frames will be dropped. The maximum transmission unit (MTU) size is 1500 bytes. Port Routing 80 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 81
M4300-96X Fully Managed Switches CLI: Enable Routing for Ports on the Switch (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#routing (Netgear Switch) (Interface 1/0/2)#ip address 192.150.2.1 255.255.255.0 (Netgear Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 82
M4300 Series and M4300-96X Fully Managed Switches • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select IP address 192.150.5.1/24 to interface 1/0/5. a. Select Routing > IP > Advanced > IP Interface Configuration. Port Routing 82 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 83
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. created dynamically through routing protocols like RIP and OSPF, or be manually created by the network administrator. The route created manually is called the static or default route. A default route is - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 84
Series and M4300-96X Fully Managed Switches CLI: Add a Default Route (FSM7338S) (Config) #ip route default? Enter the IP Address of the next router. on the bottom of the screen. This creates the default route entry in the routing table. Port Routing 84 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 85
Series and M4300-96X Fully Managed Switches Add a Static Route When the switch performs IP routing, it forwards the packet to the default route the following displays. 2. In the Route Type list, select Static. 3. Fill in the Network Address field. Port Routing 85 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 86
Series and M4300-96X Fully Managed Switches Note that this field should have a network IP address, not a host IP address. Do not enter something like 10,100. check box to the left of the entry, and click the Delete button on the bottom of the screen. Port Routing 86 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 87
5 VLAN Routing VLAN routing for a VLAN and for the switch This chapter includes the following sections: • VLAN Routing Concepts • Create Two VLANs • Set Up VLAN Routing for the VLANs and the Switch 87 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 88
M4300-96X Fully Managed Switches VLAN Routing Concepts You can configure the switch with some ports supporting VLANs and some supporting to configure the switch to support VLAN routing and how the switch to support VLAN routing. support shown in the diagram. VLAN Routing 88 Software Administration - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 89
Series and M4300-96X Fully Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#vlan participation include 20 (Netgear Switch) (Interface 1/0/3)#vlan pvid 20 (Netgear Switch) (Interface 1/0/3)#exit (Netgear Switch) (Config)#exit VLAN Routing 89 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 90
M4300 Series and M4300-96X Fully Managed Switches Local Browser Interface: Create Two VLANs 1. Create VLAN 10 and VLAN20. a. Select Switching > VLAN > Advanced > VLAN Name field, enter VLAN20. i. In the VLAN Type list, select Static. j. Click Add. VLAN Routing 90 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 91
Series and M4300-96X Fully Managed Switches 2. Add ports to the VLAN10 and VLAN20. a. Select Switching > VLAN > Advanced > VLAN Membership. A screen similar to T displays. The T specifies that the egress packet is tagged for the port. j. Click Apply. VLAN Routing 91 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 92
Series and M4300-96X Fully Managed Switches 3. Assign PVID to VLAN10 and VLAN20. a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to . g. In the PVID (1 to 4093) field, enter 20. h. Click Apply to save the settings. VLAN Routing 92 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 93
255.255.255.0 (Netgear Switch) (Interface-vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface-vlan 20)#ip address 192.150.4.1 255.255.255.0 (Netgear Switch) (Interface-vlan 20)#exit (Netgear Switch) (Config)#exit VLAN Routing 93 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 94
Series and M4300-96X Fully Managed Switches Local Browser Interface: Set Up VLAN Routing for the VLANs and the Switch 1. Select Routing > VLAN > VLAN Routing. 150.4.1. • In the Subnet Mask field, enter 255.255.255.0. 6. Click Add to save the settings. VLAN Routing 94 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 95
Concepts • Enable Routing for the Switch • Enable Routing for Ports • Enable RIP on the Switch • Enable RIP for Ports 1/0/2 and 1/0/3 • Configure VLAN Routing with RIP Support 95 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 96
M4300 Series and M4300-96X Fully Managed Switches tables after an additional 120 seconds. There are two versions of RIP (the switch supports both): • RIPv1 defined in RFC 1058. - Routes are specified by IP destination RIP on ports 1/0/2 and 1/0/3 RIP 96 Subnet 5 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 97
M4300-96X Fully Managed Switches Enable Routing for the Switch The example is shown as CLI commands and as a local browser interface procedure. CLI: Enable Routing for the Switch (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear settings. RIP 97 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 98
and M4300-96X Fully Managed Switches Enable Routing for Ports The example is shown as CLI commands and as a local browser interface procedure. CLI: Enable Routing and Assigning IP Addresses for Ports 1/0/2 and 1/0/3 (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 99
M4300 Series and M4300-96X Fully Managed Switches • In the IP Address field, enter 192. Interface field at the top. c. Enter the following information: In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 192.150.3.1. • In the Subnet Mask field, enter 255.255 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 100
M4300 Series and M4300-96X Fully Managed Switches Enable RIP on the Switch Note: Unless you have previously disabled RIP, you can skip this step since RIP is enabled by default. CLI: Enable RIP on the Switch This sequence enables RIP for the switch. The route preference defaults to 15. (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 101
Series and M4300-96X Fully Managed Netgear Switch) (Interface 1/0/2)#ip rip send version rip2 (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#ip rip (Netgear 1/0/2 and 1/0/3 check box. RIP 101 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 102
M4300-96X Fully Managed Switches 3. Enter the following information: • For RIP Admin Mode, select the Enable radio button. • In the Send Version field, select RIP-2. 4. Click Apply to save the settings. Configure VLAN Routing with RIP Support example This example adds support for RIPv2 to the - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 103
M4300 Series and M4300-96X Fully Managed Switches CLI: Configure VLAN Routing with RIP Support 1. Configure VLAN routing with RIP support on the switch. (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#vlan 20 (Netgear Switch) (Vlan)#vlan routing 10 (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 104
Switch) (Interface vlan 10)#exit (Netgear Switch) (Config)#interface vlan 20 (Netgear Switch) (Interface vlan 20)#ip rip (Netgear Switch) (Interface vlan 20)#exit (Netgear Switch) (Config)#exit Local Browser Interface: Configure VLAN Routing with RIP Support 1. Configure a VLAN and include ports - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 105
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 20. • the Enable radio button. c. Click Apply to save the setting. 4. Enable RIP on VLANs 10 and 20. RIP 105 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 106
Series and M4300-96X Fully Managed Switches a. Select Routing > RIP > Advanced > RIP Configuration. A screen similar to the following displays. b. Click the VLANS information: For RIP Mode, select the Enable radio button. e. Click Apply to save the settings. RIP 106 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 107
7 OSPF Open Shortest Path First This chapter includes the following sections: • Open Shortest Path First Concepts • Inter-area Router • OSPF on a Border Router • Stub Areas • NSSA Areas • VLAN Routing OSPF • OSPFv3 107 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 108
Series and M4300-96X Fully Managed Switches Open Shortest Path First Concepts For larger networks, Open Shortest Path First (OSPF) is generally used in area router in the diagram by enabling OSPF on port 1/0/2 in area 0.0.0.2 and port 1/0/3 in area 0.0.0.3. OSPF 108 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 109
Series and M4300-96X Fully Netgear Switch) (Config)#interface 1/0/3 (Netgear Switch) (Interface 1/0/3)#routing (Netgear Switch) (Interface 1/0/3)#ip address 192.150.3.1 255.255.255.0 (Netgear Switch) (Interface 1/0/3)#exit (Netgear Switch) (Config)#exit OSPF 109 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 110
1/0/3)#ip ospf (Netgear Switch) (Interface 1/0/3)#ip ospf areaid 0.0.0.3 (Netgear Switch) (Interface 1/0/3)#ip ospf priority 255 (Netgear Switch) (Interface 1/0/3)#ip ospf cost 64 (Netgear Switch) (Interface 1/0/3)#exit (Netgear Switch) (Config)#exit OSPF 110 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 111
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure an Inter-area Router 1. Enable IP routing on the switch. a. Select Routing > IP > and select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. OSPF 111 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 112
Series and M4300-96X Fully Managed Switches c. Enter the following information: • In the IP Address field, enter 192.150.2.1. • In the Subnet Mask the router ID, and enable OSPF for the switch. a. Select Routing > OSPF > Advanced > OSPF Configuration. OSPF 112 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 113
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under OSPF Configuration, enter the following information: a. Select Routing > OSPF > Advanced > Interface Configuration. A screen similar to the following displays. OSPF 113 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 114
Series and M4300-96X Fully Managed Switches b. Scroll down and select the interface 1/0/2 check box. Now 1/0/2 appears in the Interface field at the top. Priority field, enter 255. • In the Metric Cost field, enter 64. c. Click Apply to save the settings. OSPF 114 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 115
. (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config router)#enable (Netgear Switch) (Config router)#router-id 192.130.1.1 (Netgear Switch) (Config router)#no 1583compatibility (Netgear Switch) (Config router)#exit (Netgear Switch) (Config)#exit OSPF 115 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 116
and M4300-96X Fully Managed Switches 4. Enable OSPF for the ports, and set the OSPF priority and cost for the ports. (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#ip ospf (Netgear Switch) (Interface 1/0/2)#ip ospf areaid 0.0.0.2 (Netgear Switch - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 117
Series and M4300-96X Fully Managed Switches b. For Routing Mode, select the Enable radio field at the top. c. Enter the following information: • In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 192.150.2.2. • In the Network Mask field, enter 255.255 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 118
and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/3 check box. Now 1/0/3 appears in the Interface field at the top. c. Enter the following information: • In the IP Address Configuration Method field, select Manual. • In - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 119
Series and M4300-96X Fully Managed Switches c. Enter the following information: • In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 192.64.4.1. • In a. Select Routing > OSPF > Advanced > Interface Configuration. OSPF 119 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 120
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Interface Configuration, scroll down and select the interface 1/0/2 In the OSPF Area ID field, enter 0.0.0.3. • In the OSPF Admin Mode field, select Enable. OSPF 120 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 121
M4300 Series and M4300-96X Fully Managed Switches • In the Priority field, enter 255. • In the Metric Cost field, enter 64. c. Click Apply to save the 11 Layer 3 switch Port 2/0/19 Port 1/0/15 Layer 3 switch Area 0 Figure 16. Area 1 is a stub area OSPF Area 1 121 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 122
Series and M4300-96X Fully Managed Switches CLI: Configure Area 1 as a Stub Area on A1 1. Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing 2. Set the router ID to 1.1.1.1. (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config-router)#router-id - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 123
M4300 Series and M4300-96X Fully Managed Switches (Netgear Switch) (Config)#ex (Netgear Switch) #show ip ospf neighbor interface all Router ID IP Address Neighbor Interface State 4.4.4.4 192.168.10.2 2/0/11 Full 2.2.2.2 192.168.20.2 2/0/19 Full (Netgear Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 124
and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 2/0/11 check box. Now 2/0/11 appears in the Interface field at the top. c. Enter the following information: • In the IP Address Configuration Method field, select Manual. • In - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 125
Series and M4300-96X Fully Managed Switches c. Enter the following information: • In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 192.168.20.1. • In the scroll down and select the interface 2/0/11 check box. OSPF 125 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 126
M4300 Series and M4300-96X Fully Managed Switches Now 2/0/11 appears in the Interface field at the top. • In the OSPF Area ID field, save the settings. 7. Configure area 0.0.0.1 as a stub area. a. Select Routing > OSPF > Advanced > Stub Area Configuration. OSPF 126 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 127
(Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#router ospf 2. Set the router ID to 2.2.2.2. (Netgear Switch) (Config-router)#router-id 2.2.2.2 3. Configure area 0.0.0.1 as a stub area. (Netgear Switch) (Config-router)#area 0.0.0.1 stub OSPF 127 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 128
M4300-96X Fully Managed Switches 4. Enable OSPF area 0.0.0.1 on the 1/0/15. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 1/0/15 (Netgear Switch) (Interface 1/0/15)#routing (Netgear . OSPF 128 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 129
Series and M4300-96X Fully Managed Switches 2. Assign IP address 192.168.10.1 to port Interface field at the top. c. Enter the following information: • In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 192.168.20.2. • In the Network Mask field, enter 255 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 130
Series and M4300-96X Fully Managed Switches c. Click Apply to save the settings. 4. Enable OSPF on port 1/0/15. a. Select Routing > OSPF > Advanced > to the following displays. b. In the Area ID field, enter 0.0.0.1. c. Click Add to save the settings. OSPF 130 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 131
. (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config-router)#router-id 1.1.1.1 (Netgear Switch) (Config-router)#area 0.0.0.1 nssa 3. Stop importing summary LSAs to area 0.0.0.1. (Netgear Switch) (Config-router)#area 0.0.0.1 nssa no-summary OSPF 131 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 132
M4300 Series and M4300-96X Fully Managed Switches 4. Enable area 0.0.0.1 on port 2/0/19. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 2/0/11 (Netgear Switch) (Interface 2/0/11)#routing (Netgear Switch) (Interface 2/0/11)#ip address 192.168.10.1 255.255.255.0 (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 133
M4300 Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure Area 1 as an NSSA Area on A1 1. Enable IP routing on the switch. a. Select the top. c. Enter the following information: • In the IP Address field, enter 192.168.10.1. OSPF 133 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 134
Series and M4300-96X Fully Managed Switches • In the Network Mask field, enter 255.255.255.0. • In the Admin Mode field, select Enable. d. . 4. Specify the router ID, and enable OSPF for the switch. a. Select Routing > OSPF > Basic > OSPF Configuration. OSPF 134 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 135
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under OSPF Configuration, in the Router ID field, enter the settings. 6. Enable OSPF on port 2/0/19. a. Select Routing > OSPF > Advanced > Interface Configuration. OSPF 135 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 136
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 2/0/19 check box. field, enter 0.0.0.1. • In the Import Summary LSA's field, select Disable. c. Click Add to save the settings. OSPF 136 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 137
Series and M4300-96X Fully Managed Switches CLI: Configure Area 1 as an NSSA Area on A2 1. Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#router ospf 2. Set the router ID to 2.2.2.2. (Netgear Switch) (Config-router)#router-id - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 138
M4300 Series and M4300-96X Fully Managed Switches 5. Enable OSPF area 0.0.0.1 on port 1/0/15. (Netgear Switch) (Config-router)#exit (Netgear Switch) (Config)#interface 1/0/11 (Netgear Switch) (Interface 1/0/11)#routing (Netgear RIP 1/0/11 192.168.30.2 OSPF 138 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 139
M4300 Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure Area 1 as an NSSA Area on A2 1. Enable IP routing on Interface field at the top. c. Enter the following information: • In the IP Address Configuration Method field, select Manual. OSPF 139 Software Administration - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 140
M4300 Series and M4300-96X Fully Managed Switches • In the IP Address field, enter Interface field at the top. c. Enter the following information: • In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 192.168.20.2. • In the Network Mask field, enter 255.255 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 141
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under OSPF Configuration, in the Router ID field, enter settings. 6. Enable OSPF on port 1/0/15. a. Select Routing > OSPF > Advanced > Interface Configuration. OSPF 141 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 142
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/15 settings. 8. Redistribute the RIP routes into the OSPF area. a. Select Routing > OSPF > Advanced > Route Redistribution. OSPF 142 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 143
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the RIP check box. Now RIP appears inter-area router communicates with border routers in each of the areas to which it provides connectivity. OSPF 143 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 144
M4300 Series and M4300 support for Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 10 (Netgear Switch) (Vlan)#vlan 20 (Netgear Switch) (Vlan)#vlan routing 10 (Netgear Switch) (Vlan)#vlan routing 20 (Netgear Switch) (Vlan)#exit (Netgear Switch) #conf (Netgear Switch) (Config)#ip routing (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 145
Series and M4300-96X Fully Managed Switches 2. Specify the router ID and enable OSPF for the switch. (Netgear Switch) (Config)#router ospf (Netgear Switch) (Config router)#router-id 192.150.9.9 (Netgear Switch) (Config router)#enable (Netgear Switch) (Config router)#exit 3. Enable OSPF for the VLAN - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 146
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 10. box under port 3 until T displays. The T specifies that the egress packet is tagged for the port. OSPF 146 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 147
Series and M4300-96X Fully Managed Switches d. Click Apply to save the VLAN that includes port 3. 3. Enable OSPF on the switch. a. Select Routing > OSPF > Mode field, select Enable. • In the Priority field, enter 128. • In the Metric Cost field, enter 32. OSPF 147 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 148
M4300 Series and M4300-96X Fully Managed Switches e. Click Apply to save the settings. 5. Enable OSPF on LSAs, which eventually allow its use for both IPv4 and IPv6. Point-to-point links are also supported in order to enable operation over tunnels. It is possible to enable OSPF and OSPFv3 at the - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 149
and M4300-96X Fully Managed Switches Switch A1 Switch A2 Area 0 Figure 18. OSPFv3 Protocol for IPv6 CLI: Configure OSPFv3 1. On A1, enable IPv6 unicast routing on the switch. (Netgear Switch) (Config)#ipv6 unicast-routing 2. Enable OSPFv3, and assign 1.1.1.1 to router ID. (Netgear Switch - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 150
M4300 Series and M4300-96X Fully Managed Switches 5. On A2, enable IPv6 unicast routing on the switch. (Netgear Switch) (Config)#ipv6 unicast-routing 6. Enable OSPFv3, and assign 2.2.2.2 as the router ID. (Netgear Switch) (Config)#ipv6 router ospf (Netgear Switch) (Config-rtr)#enable (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 151
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure OSPFv3 1. Enable IPv6 unicast routing on the switch. a. Select Routing > settings. 3. Enable IPv6 on port 1/0/1. a. Select Routing > IPv6 > Advanced > IP Interface Configuration. OSPF 151 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 152
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/1 check box. Now select Disable. • In the Onlink Flag field, select Disable. • In the Autonomous Flag field, select Disable. OSPF 152 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 153
M4300 Series and M4300-96X Fully Managed Switches d. Click Add to save the settings. 5. Enable OSPFv3 on port 1/0/1. a. Select Routing > OSPFv3 > Advanced > Interface browser interface to configure OSPF on switch A2, repeat this process for switch A2. OSPF 153 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 154
8 PBR Policy-based routing This chapter includes the following sections: • Policy-Based Routing Concepts • Route-Map Statements • PBR Processing Logic • PBR Configurations • PBR Example 154 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 155
Series and M4300-96X Fully Managed Switches Policy- the local PBR. However, this feature is not supported. Starting with Software Version 10.2, the NETGEAR switch supports the route-map infrastructure for BGP. Match parameters defined a routing decision. PBR 155 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 156
L3 routed traffic, the switch supports the following packet entities: • The size of the packet • Protocol of the payload (Protocol ID field in IP header) • Source MAC address • Source IP address • Destination IP address • Priority (802.1P priority) NETGEAR's policy-based routing feature overrides - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 157
M4300 Series and M4300-96X Fully Managed Switches The route map with a deny statement uses the following logic: • The incoming packet is matched against Route according to the action in the set clause. • Route (alone). Route using the default routing table. PBR 157 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 158
and M4300-96X Fully configure a rule with the VLAN ID as the match condition. PBR supports the preconfiguration of the route map on routing interfaces. If routing is not company activity must use a higher-bandwidth, high-cost (price of link) link while the basic connectivity continues over a Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 159
M4300 switch 20.2.1.1 1/0/4 20.2.1.2 IPS2 Internet Figure 19. PBR topology 1. Create an IP ACL 1 to match 10.1.0.0/16. (Netgear Netgear Switch) (Config) #route-map pbr_1 permit 10 (Netgear Switch) (route-map) #match ip address 1 (Netgear Switch) (route-map) #set ip next-hop 20.1.1.2 (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 160
and M4300-96X Fully Managed Switches 5. Create VLAN 30 and put interface 1/0/1 and 1/0/2 into it. (Netgear Switch) #vlan database (Netgear Switch) (Vlan) #vlan 30 (Netgear Switch) (Vlan) #vlan routing 30 (Netgear Switch) (Vlan) #exit (Netgear Switch) (Config) #interface 1/0/1-1/0/2 (Netgear Switch - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 161
9 ARP Proxy Address Resolution Protocol This chapter includes the following sections: • Proxy ARP Concepts • Proxy ARP Examples 161 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 162
M4300 Series and M4300-96X Fully Managed Switches Proxy ARP Concepts Proxy examples of the commands used in the proxy ARP feature. CLI: show ip interface (Netgear Switch) #show ip interface ? brief Enter an interface in slot/port IP MTU 1500 ARP 162 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 163
Series and M4300-96X Fully Managed Switches CLI: ip proxy-arp (Netgear Switch) (Interface 0/24)#ip proxy-arp ? Press Enter to execute the command. (Netgear Switch) (Interface 0/24)#ip proxy-arp Local Enable. 4. Click Apply to save the settings. ARP 163 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 164
10 VRRP Virtual Router Redundancy Protocol This chapter includes the following sections: • Virtual Router Redundancy Protocol Concepts • VRRP on a Master Router • VRRP on a Backup Router 164 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 165
M4300 Series and M4300-96X Fully Managed Switches Virtual Router Redundancy Protocol Concepts When an end station is statically configured with the switch can be configured as a virtual router. Either a physical port or a routed VLAN can participate. VRRP 165 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 166
the switch to support VRRP. Router 1 is the default master router for the virtual route, and Router 2 is the backup router. CLI: Configure VRRP on a Master Router 1. Enable routing for the switch. IP forwarding will then be enabled by default. (Netgear Switch) #config (Netgear Switch) (Config)#ip - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 167
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure VRRP on a Master Router 1. Enable IP routing on the switch. a. Select save the settings. 3. Enable VRRP on port 1/0/2. a. Select Routing > VRRP > Advanced > VRRP Configuration. VRRP 167 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 168
Series and M4300-96X Fully Managed Netgear Switch) (Interface 1/0/4)#routing (Netgear Switch) (Interface 1/0/4)#ip address 192.150.4.1 255.255.0.0 (Netgear Switch) (Interface 1/0/4)#exit 3. Enable VRRP for the switch. (Netgear Switch) (Config)#ip vrrp VRRP 168 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 169
Series and M4300-96X Fully Managed Switches 4. Assign virtual router IDs to port that will participate in the protocol. (Netgear Switch) (Config)#interface 1/0/4 (Netgear Switch) (Interface a. Select Routing > IP > Advanced > IP Interface Configuration. VRRP 169 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 170
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/4 check box. Now 1/0/4 field, enter 192.150.2.1. • In the Status list, select Active. d. Click Add to save the settings. VRRP 170 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 171
11 ACLs Access Control Lists This chapter includes the following sections: • Access Control List Concepts • MAC ACLs • Set Up an IP ACL with Two Rules • One-Way Access Using a TCP Flag in an ACL • Use ACLs to Configure Isolated VLANs on a Layer 3 Switch • Set up a MAC ACL with Two Rules • - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 172
M4300 supports ACLs set up for inbound traffic only. MAC ACLs MAC ACLs are Layer 2 ACLs. You can configure the rules to inspect the following fields of a packet (limited by platform): • Source MAC address with mask. • Destination MAC address with mask. • VLAN ID (or range of IDs). • Class of Service - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 173
M4300 Series and M4300-96X Fully Managed Switches IP ACLs IP ACLs classify for Layer 3. Each ACL is a set of up to 10 rules applied to inbound be accepted by the switch only if the source and destination stations have IP addresses within the defined sets. ACLs 173 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 174
M4300 Series and M4300 The following is an example of configuring ACL support on a 7000 Series Managed Switch. Create . 1. Enter these commands: (Netgear Switch) #config (Netgear Switch) (Config)#access-list 101 for TCP traffic. (Netgear Switch) (Config)#access-list 101 permit udp - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 175
M4300-96X Fully Managed Switches 3. Apply the rule to inbound traffic on port 1/0/2. Only traffic matching the criteria will be accepted. (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#ip access-group 101 in (Netgear Switch) (Interface 1/0/2)#exit (Netgear Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 176
Series and M4300-96X Fully Managed Switches c. Click Add to create a new rule. 3. Create a new ACL rule and add it to ACL 101. a. After you the following information: • In the Rule ID (1 to 23) field, enter 22. • For Action, select the Permit radio button. ACLs 176 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 177
Series and M4300-96X Fully Managed Switches • In the Protocol Type list, select UDP. • In the Source IP Address field, enter 192.168.77.0. • In . d. Click the gray box under port 2. A check mark displays in the box. e. Click Apply to save the settings. ACLs 177 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 178
M4300 Series and M4300-96X Fully Managed Switches One-Way Access Using a TCP Flag in an ACL This example shows how to set up one-way access using a TCP 1/0/25 PC 1 192.168.30.2 192.168.50.2 PC 2 Figure 22. One-Way Web access using a TCP flag in an ACL ACLs 178 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 179
and M4300-96X Netgear Switch) (Config)#interface vlan 100 (Netgear Switch) (Interface-vlan 100)#routing (Netgear Switch) (Interface-vlan 100)#ip address 192.168.100.1 255.255.255.0 (Netgear Switch) (Interface-vlan 100)#exit (Netgear Switch) (Config)#exit ACLs 179 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 180
M4300 Series and M4300-96X Fully Managed Switches 3. Create VLAN 200 with port 0/44 and assign IP address 192.168.200.1/24. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#vlan routing 200 (Netgear Switch) (Vlan)#exit (Netgear Switch) #configure (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 181
1/0/25)#exit (Netgear Switch) (Config)#interface vlan 50 (Netgear Switch) (Interface-vlan 50)#routing (Netgear Switch) (Interface-vlan 50)#ip address 192.168.50.1 255.255.255.0 (Netgear Switch) (Interface-vlan 50)#exit (Netgear Switch) (Config)#exit ACLs 181 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 182
M4300-96X Fully Managed Switches 3. Create VLAN 200 with port 1/0/48 and assign IP address 192.168.200.1/24. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#vlan routing 200 (Netgear Switch) (Config)#interface 1/0/48 (Netgear Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 183
Series and M4300-96X Fully Managed Switches b. In the VLAN Routing Wizard, enter the following information: • In the Vlan ID field, enter 30. • In the 100. 3. Create VLAN 200 with IP address 192.168.200.1/24. a. Select Routing > VLAN > VLAN Routing Wizard. ACLs 183 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 184
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Enter the following information: • In the Vlan ID field, enter 200. . c. Click Apply to enable IP routing. 5. Add a static route with IP address 192.168.40.0/24: ACLs 184 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 185
Series and M4300-96X Fully Managed Switches a. Select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays. b. Under Configure IP Address field, enter 192.168.200.2. c. Click Add. 7. Create an ACL with ID 101. ACLs 185 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 186
Series and M4300-96X Fully Managed Switches a. Select Security > ACL > Advanced > IP ACL. A screen similar to the following displays. b. In the IP IP extended rule that is associated with ACL 101. a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 186 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 187
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID list, select 101. c. IP extended rule that is associated with ACL 102. a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 187 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 188
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID list, select 102. the settings. 11. Apply ACL 101 to port 44. a. Select Security > ACL > Advanced > IP Binding Configuration. ACLs 188 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 189
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Binding Configuration, specify the following: • In the ACL ID list, box under port 44. A check mark displays in the box. e. Click Apply to save the settings. ACLs 189 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 190
M4300 Series and M4300-96X Fully Managed Switches Configuring the Switch B 1. Create VLAN 40 with IP address 192.168.40.1/24. a. Select Routing > VLAN > VLAN In the IP Address field, enter 192.168.50.1. • In the Network Mask field, enter 255.255.255.0. ACLs 190 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 191
Series and M4300-96X Fully Managed Switches c. Click Unit 1. The ports display. d. Click the gray box under port 25 twice until U displays. .0/24: a. Select Routing > Routing Table > Basic > Route Configuration. A screen similar to the following displays. ACLs 191 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 192
Series and M4300-96X Fully Managed Switches b. Under Configure Routes, make the following selections and enter the following information: • Select Static in the Route 255.255.255.0. • In the Next Hop IP Address field, enter 192.168.200.1. c. Click Add. ACLs 192 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 193
M4300 Series and M4300-96X Fully Managed Switches Use ACLs to Configure Isolated VLANs on a Layer 3 Switch This example shows how to isolate VLANs on a Layer 3 PC1 PC2 192.148.24.2 Figure 23. Using ACLs to isolate VLANs on a Layer 3 switch 192.148.48.2 ACLs 193 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 194
M4300 Series and M4300-96X Fully Managed Switches CLI: Configure One-Way Access Using a TCP Flag in ACL Commands 1. Enter the following CLI commands. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 24 (Netgear Switch) (Vlan)#vlan routing 24 (Netgear Switch) (Vlan)#exit (Netgear Switch) - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 195
M4300 Series and M4300-96X Fully Managed Switches 3. Create VLAN 38, add port 1/0/38 to it, and assign IP address 10.100.5.34 to it. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 38 (Netgear Switch) (Vlan)#vlan routing (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 196
M4300-96X Fully Managed Switches 9. Deny all traffic with the destination IP address 192.168.48.0/24, and permit all other traffic. (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#ip access-group 102 in 1 (Netgear 192.168.48.1. ACLs 196 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 197
Series and M4300-96X Fully Managed Switches a. Select Routing > VLAN > VLAN Routing Wizard. A screen similar to the following displays. b. Enter the following Click Unit 1. The ports display. d. Click the gray box under port 38 twice until U displays. ACLs 197 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 198
M4300 Series and M4300-96X Fully Managed Switches The U specifies that the egress packet is untagged for the port. e. Click Apply to save VLAN 38. 4. Enable IP the following displays. b. In the IP ACL Table, in the IP ACL ID field, enter 101. c. Click Add. ACLs 198 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 199
M4300 Series and M4300-96X Fully Managed Switches 6. Create an ACL with ID 102. a. Select Security > ACL > Advanced > IP ACL. A screen similar to the IP extended rule that is associated with ACL 101: a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 199 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 200
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID field, select 101. IP extended rule that is associated with ACL 102. a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 200 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 201
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID field, select 102. IP extended rule that is associated with ACL 103: a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 201 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 202
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under IP Extended Rules, in the ACL ID field, select 103. the settings. 11. Apply ACL 102 to port 24: a. Select Security > ACL > Advanced > IP Binding Configuration. ACLs 202 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 203
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Binding Configuration, make the following selection and enter the 1. The ports display. d. Click the gray box under port 48. A check mark displays in the box. ACLs 203 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 204
Series and M4300-96X Fully Managed Switches e. Click Apply to save the settings. 13. Apply ACL up a MAC ACL with Two Rules 1. Create a new MAC ACL acl_bpdu. (Netgear Switch) # (Netgear Switch) #config (Netgear Switch) (Config)#mac access-list extended acl_bpdu ACLs 204 Software Administration - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 205
M4300 Series and M4300-96X Fully Managed Switches 2. Deny all the traffic that has destination MAC 01:80:c2:xx:xx:xx. (Netgear Switch) (Config-mac-access-list)#deny any 01:80:c2:00:00:00 00:00:00:ff:ff:ff 3. Permit all the other traffic. (Netgear MAC Rules. ACLs 205 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 206
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. a. In the ACL Name field, select acl_bpdu. b. In the Action field, information in the Rule Table. • In the ID field, enter 2. • In the Action field, select Permit. ACLs 206 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 207
Series and M4300-96X Fully Managed Switches c. Click the Add button. 4. Apply the ACL acl_bpdu to port 2. a. Select Security > ACL > MAC ACL > MAC Binding to an interface. Any traffic matching this rule will be copied to the specified mirrored interface. ACLs 207 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 208
M4300 Series and M4300-96X Fully Managed Switches Other network 1/0/1 L2 switch Switch 1/0/19 Probing to the interface 1/0/1. 1. Create an IP access control list with the name monitorHost. (Netgear Switch) (Config)# ip access-list monitorHost 2. Define the rules to match host 10.0.0.1 and to - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 209
M4300 Series and M4300-96X Fully Managed Switches 3. Bind the ACL with interface 1/0/1. (Netgear Switch) (Interface 1/0/1)#ip access-group monitorHost in 1 4. View the configuration. (Netgear Switch) # show ip Number: 2 Action permit Match All TRUE ACLs 209 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 210
M4300 Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure ACL Mirroring 1. Create an IP access control list with the name to match host 10.0.0.1 in the ACL monitorHost. a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 210 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 211
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click Add. A screen similar to the following displays. 3. Create a rule to match all other traffic. a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 211 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 212
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click Add. A screen similar to the following displays. c. In . e. In the Match Every field, select True. f. Click Apply. A screen similar to the following displays. ACLs 212 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 213
Series and M4300-96X Fully Managed Switches 4. Bind the ACL with interface 1/0/1. a. Select Security > ACL > Advanced > IP Binding Configuration. A screen 1/0/19 Workstation Workstation Figure 25. ACL Redirect ACLs Web server 213 HTTP packets Other packets Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 214
Series and M4300-96X Fully Managed Switches CLI: to port 1/0/19. 1. Create an IP access control list with the name redirectHTTP. (Netgear Switch) (Config)#ip access-list redirectHTTP 2. Define a rule to match the HTTP stream permit Match All TRUE ACLs 214 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 215
Series and M4300-96X Fully Managed Switches Local Browser Interface: Redirect a Traffic Stream This example redirects the HTTP traffic stream received in . 2. Create a rule to redirect HTTP traffic. a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 215 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 216
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click Add. A screen similar to the following displays. c. In Create a rule to match all other traffic. a. Select Security > ACL > Advanced > IP Extended Rules. ACLs 216 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 217
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click Add. A screen similar to the following displays . 4. Bind the ACL with interface 1/0/1. a. Select Security > ACL > Advanced > IP Binding Configuration. ACLs 217 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 218
EF" (Netgear Switch) (Config-ipv4-acl)#permit ip any any dscp ef (Netgear Switch) (Config-ipv4-acl)#remark "deny all of other packets" (Netgear Switch) (Config-ipv4-acl)#deny ip any any (Netgear Switch) (Config-ipv4-acl)#exit (Netgear Switch) (Config)#exit ACLs 218 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 219
Switch) (Config)#ip access-list voice_acl (Netgear Switch) (Config-ipv4-acl)#permit ip any any dscp cs5 (Netgear Switch) (Config-ipv4-acl)#permit ip any any dscp ef (Netgear Switch) (Config-ipv4-acl)#deny ip any any (Netgear Switch) (Config-ipv4-acl)#exit ACLs 219 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 220
Series and M4300-96X Fully Managed Switches 2. Verify that the sequence numbers are assigned by the switch. The first sequence number is 10, the second sequence number is 20, and so on. (Netgear Switch) ( Sequence Number: 1200 Action deny Match All TRUE ACLs 220 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 221
M4300-96X Fully Managed Switches 4. Insert a new ACL rule at a particular position. For example, insert a new ACL rule with sequence number 900 at the first position. The new rule drops all packets that arrive from IP address 192.168.1.1. (Netgear Switch) #config (Netgear Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 222
tcp any any eq ssh (Netgear Switch) (Config-ipv4-acl)#permit every (Netgear Switch) (Config-ipv4-acl)#exit (Netgear Switch) (Config)#ip access-group acl_for_cpu control-plane eq ssh Configure IPv6 ACLs This feature extends the existing IPv4 ACL by providing support for IPv6 packet classification - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 223
M4300 Series and M4300-96X Fully Managed Switches • DSCP value • Flow label Note that the order of the rules is important: When a packet matches the destination network 2001:DB8:C0AB:AC13::/64. • Rule-3. Permits IPv6 HTTP traffic to any destination. ACLs 223 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 224
traffic on port 1/0/1. Only traffic matching the criteria will be accepted. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# ipv6 traffic-filter ipv6-acl in (Netgear Switch) (Interface 1/0/1)# exit (Netgear Switch) (Config)#exit ACLs 224 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 225
M4300-96X Fully Managed Switches 4. View the configuration. (Netgear Switch) #show ipv6 access-lists Current number of all ACLs: 1 Maximum number of all ACLs: 100 IPv6 ACL Name Rules ipv6-acl 3 Direction --------inbound Interface(s 1/0/1 VLAN(s (Netgear Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 226
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure an IPv6 ACL 1. Create the access control list with the name ipv6- to the following displays. 2. Define the first rule (1 of 3). a. Select Security > ACL > Advanced > IPv6 Rules. ACLs 226 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 227
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the ACL Name list, select ipv6-acl. c. Click Add Prefix Length field, enter 64. j. Click Apply. 3. Add Rule 2. a. Select Security > ACL > Advanced > IPv6 Rules. ACLs 227 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 228
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the ACL Name list, select ipv6-acl. c. Click L4 Port list, select telnet. l. Click Apply. 4. Add Rule 3. a. Select Security > ACL > Advanced > IPv6 Rules. ACLs 228 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 229
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the ACL Name list, select ipv6-acl. c. Click Add. the ACL ID list, select ipv6-acl. c. In the Sequence Number list, select 1. d. Click Unit 1. e. Select Port 1. ACLs 229 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 230
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. f. Click the Apply button. 6. View the binding table. Select Security > ACL > Advanced > Binding Table. A screen similar to the following displays. ACLs 230 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 231
shaping features. The chapter includes the following sections: • CoS Queuing Concepts • Show the Trust Mode for a Class of Service • Set the Trust Mode for a Class of Service • Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode • Set the CoS Trust Mode for an Interface • Configure - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 232
M4300-96X Fully Managed Switches CoS Queuing Concepts Each port has one or more queues for packet transmission. During configuration, you can determine the mapping and configuration of these queues. Based on the service priority on a per-port basis. CoS Queuing 232 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 233
Series and M4300-96X Fully per-queue, per-drop precedence basis allows you to create the service characteristics that you want for different types of traffic. Port egress vs. WRED Only if per-queue configuration is not supported • WRED decay exponent • Traffic shaping for an entire interface - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 234
Series and M4300-96X Fully Managed Switches Show the Trust Mode for a Class of Service The example is shown as CLI commands and as a local browser interface procedure. CLI: Show the Trust Mode for a Class of Service To use the CLI to show CoS trust mode, use these commands: (Netgear Switch) #show - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 235
Series and M4300-96X Fully Managed Switches Set the Trust Mode for a Class of Service The example is shown as CLI commands and as a local browser interface procedure. CLI: Set the Trust Mode for a Class of Service (Netgear Switch) (Config)#classofservice? dot1p-mapping Configure dot1p priority - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 236
M4300-96X Fully Managed Switches Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode The example is shown as CLI commands and as a local browser interface procedure. CLI: Configure Cos-queue Min-bandwidth and Strict Priority Scheduler Mode (Netgear Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 237
M4300 Series and M4300-96X Fully Managed Switches b. In the Queue ID list, select 0. c. Under Interface Queue Configuration, scroll down and select the interface 25. • In the Scheduler Type list, select Strict. e. Click Apply to save the settings. CoS Queuing 237 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 238
M4300-96X Fully Managed Switches Set the CoS Trust Mode for an Interface The example is shown as CLI commands and as a local browser interface procedure. CLI: Set the CoS Trust Mode for an Interface (Netgear Switch) (Interface 1/0/3)#classofservice trust? dot1p Sets the Class of Service Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 239
Series and M4300-96X Fully Managed Switches Configure Traffic Shaping of which queues originate the outbound traffic. CLI: Configure Traffic Shaping (Netgear Switch) (Config)#traffic-shape? Enter the shaping bandwidth percentage at the top. CoS Queuing 239 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 240
M4300 Series and M4300-96X Fully Managed Switches c. In the Interface Shaping Rate (0 to 100) field, enter 70. d. Click Apply to save the settings. CoS Queuing 240 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 241
13 DiffServ: Differentiated Services This chapter includes the following sections: • Differentiated Services Concepts • DiffServ • DiffServ for VoIP • Auto VoIP • DiffServ for IPv6 • Color Conform Policy • WRED Explicit Congestion Notification 241 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 242
M4300-96X Fully Managed Switches Differentiated Services Concepts Differentiated services (DiffServ) is one technique for implementing Quality of Service service support Services services support DiffServ in the outbound direction. Rules are defined in terms of classes, policies, and services supports - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 243
Series and M4300-96X Fully Managed Switches DiffServ This example shows how a network 20: Marketing VLAN 30: Test VLAN 40: Development Figure 27. Class B subnet with differentiated services The example is shown as CLI commands and as a local browser interface procedure. CLI: Configure DiffServ - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 244
Switch) (Config policy-class-map)#exit (Netgear Switch) (Config policy-map)#class development_dept (Netgear Switch) (Config policy-class-map)#assign-queue 4 (Netgear Switch) (Config policy-class-map)#exit (Netgear Switch) (Config policy-map)#exit DiffServ 244 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 245
M4300 Series and M4300-96X Fully Managed Switches 4. Attach the defined policy to interfaces 1/0/1 through 1/0/4 in the inbound direction. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#service-policy in internet_access (Netgear Switch) (Interface 1/0/1)#exit (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 246
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure DiffServ 1. Enable Diffserv. a. Select QoS > DiffServ > Basic > DiffServ Add to create a new class finance_dept. d. Click the finance_dept to configure this class. DiffServ 246 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 247
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Under Diffserv Class Configuration, enter the following . c. Click Add to create a new class marketing_dept. d. Click marketing_dept to configure this class. DiffServ 247 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 248
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Under Diffserv Class Configuration, enter the following information . c. Click Add to create a new class test_dept. d. Click test_dept to configure this class. DiffServ 248 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 249
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Under Diffserv Class Configuration, enter the Click the Add to create a new class development_dept. d. Click development_dept to configure this class. DiffServ 249 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 250
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Under Diffserv Class Configuration, enter the class marketing_dept into the policy internet_access. a. Select QoS > DiffServ > Advanced > Policy Configuration. DiffServ 250 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 251
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Policy Configuration, scroll down and . a. Select QoS > DiffServ > Advanced > Policy Configuration. A screen similar to the following displays. DiffServ 251 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 252
Series and M4300-96X Fully Managed Switches b. Under Policy Configuration, scroll down and select the internet_access check box. Now 1. d. Click Apply. 11. Assign queue 2 to marketing_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. DiffServ 252 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 253
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click the internet_access check box for Click Apply. 12. Assign queue 3 to test_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. DiffServ 253 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 254
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click the internet_access check mark for Click Apply. 13. Assign queue 4 to development_dept. a. Select QoS > DiffServ > Advanced > Policy Configuration. DiffServ 254 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 255
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Click the Attach the defined policy to interfaces 1/0/1 through 1/0/4 in the inbound direction. a. Select QoS > DiffServ > Advanced > Service Configuration. DiffServ 255 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 256
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the check boxes for CoS queue 2 configuration for interface 1/0/5. a. Select QoS > CoS > Advanced > Interface Queue Configuration. DiffServ 256 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 257
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Interface Queue Configuration, scroll down CoS queue 4 configuration for interface 1/0/5. a. Select QoS > CoS > Advanced > Interface Queue Configuration. DiffServ 257 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 258
Series and M4300-96X Fully Managed Switches A screen similar to uses of DiffServ is to support Voice over IP (VoIP). VoIP traffic is inherently time sensitive: For a network to provide acceptable service, a guaranteed transmission rate is to Router 2. DiffServ 258 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 259
Series and M4300-96X Fully Managed DiffServ for the switch. (Netgear Switch) #config (Netgear Switch) (Config)#cos-queue strict 5 (Netgear Switch) (Config)#diffserv (Netgear Switch) (Config)#class-map match-all class_voip (Netgear Switch) (Config class-map)#match protocol udp (Netgear Switch - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 260
policy-map)#exit 5. Attach the defined policy to an inbound service interface. (Netgear Switch) (Config)#interface 1/0/2 (Netgear Switch) (Interface 1/0/2)#service-policy in pol_voip (Netgear Switch) (Interface 1/0/2)#exit (Netgear Switch) (Config)#exit DiffServ 260 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 261
Series and M4300-96X Fully Managed Switches Local Browser Interface: Diffserv for VoIP 1. Set queue 5 on all interfaces to use strict mode. to save the settings. 3. Create a class class_voip. a. Select QoS > DiffServ > Advanced > DiffServ Configuration. DiffServ 261 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 262
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Class Name field, enter class_voip. c. In to create a new class. 4. Create a class class_ef: a. Select QoS > DiffServ > Advanced > DiffServ Configuration. DiffServ 262 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 263
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Class Name field, enter class_ef. a policy pol_voip. and add class_voip to this policy. a. Select QoS > DiffServ > Advanced > Policy Configuration. DiffServ 263 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 264
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Policy Selector field, enter pol_voip. c. new policy. 6. Add class_ef to the policy pol_voip. a. Select QoS > DiffServ > Advanced > Policy Configuration. DiffServ 264 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 265
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Policy policy. 7. Attach the defined policy to interface 1/0/2 in the inbound direction. a. Select QoS > DiffServ > Advanced > Service Configuration. DiffServ 265 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 266
Series and M4300-96X Fully Managed Switches A screen similar to the Auto VoIP provides a better class of service (CoS) to data and signaling VoIP streams than to other traffic. The supported signaling protocols are Session Initiation Protocol traffic. DiffServ 266 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 267
Series and M4300-96X Fully Managed Switches Note: Queue default list of OUIs. You can also add OUIs that need prioritization. The switch can support up to 128 OUIs, including the default OUIs. By default, the switch uses the highest nonoperational. DiffServ 267 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 268
Series and M4300-96X Fully Managed Switches PBX Switch VoIP phone VoIP phone VoIP 1. Enable protocol-based Auto VoIP on a specific port of the switch. (Netgear Switch)(Configure)#interface 2/0/1 (Netgear Switch)(Interface 2/0/1)#auto-voip protocol-based DiffServ 268 Software Administration - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 269
Series and M4300-96X Fully Managed Switches 2. Display the Auto VoIP information. (Netgear Switch) #show auto-voip protocol-based interface 2/0/1 VoIP VLAN Id 2 Prioritization Type traffic-class the protocol-based Auto VoIP to egress queue 4. DiffServ 269 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 270
M4300 Series and M4300-96X Fully Managed Switches 1. Change the egress queue of protocol-based Auto VoIP. (Netgear Switch) (Config)#auto-voip protocol-based traffic-class 4 2. Display the Auto VoIP information. (Netgear a VLAN first to use auto VoIP. DiffServ 270 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 271
M4300-96X Fully Managed Switches 1. Create VLAN 5. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 5 (Netgear Switch) (Vlan)#exit 2. Assign the VoIP traffic to VLAN 5, which becomes the VoIP VLAN. (Netgear > Basic > Vlan Configuration. DiffServ 271 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 272
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the VLAN ID field, enter 5. c. Click Add. 2. Assign . A screen similar to the following displays. b. From the VoIP VLAN Id menu, select 5. c. Click Apply. DiffServ 272 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 273
M4300 Series and M4300-96X Fully Managed Switches DiffServ for IPv6 This feature extends the existing QoS ACL and DiffServ functionality by providing support other IPv6 traffic. 1. Create the IPv6 class classicmpv6. (Netgear Switch) (Config)# class-map match-all classicmpv6 ipv6 2. Define matching - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 274
and 1/0/3: (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# service-policy in policyicmpv6 (Netgear Switch) (Interface 1/0/1)# exit (Netgear Switch) (Config)# interface 1/0/2 (Netgear Switch) (Interface 1/0/2)# service-policy in policyicmpv6 (Netgear Switch) (Interface - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 275
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. d. Click Add to create the IPv6 class. A screen > Advanced > IPv6 Class Configuration. A screen similar to the following displays. b. Click the class classicmpv6. DiffServ 275 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 276
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. c. Select the Protocol Type radio button, select Other, and enter 58. A screen similar to the following displays. DiffServ 276 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 277
Series and M4300-96X Fully Managed Switches d. Click the Apply button. 3. Create the policy policyicmpv6, and associate the previously created class classicmpv6. a. In the Policy Type list, select In. d. In the Member Class list, select classicmpv6. DiffServ 277 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 278
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Click Add. 4. Set the attribute as assign queue 6. a. Select to the following displays. b. Click the policy policyicmpv6. c. In the Assign Queue list, select 6. DiffServ 278 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 279
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. d. Click Apply. 5. Attach the policy policyicmpv6 to interfaces 1/0/1,1/0/2 and 1/0/3. a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays. b. In - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 280
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. d. Click Apply. A screen similar to the following displays. Color is congestion. The example is shown as CLI commands and as a local browser interface procedure. DiffServ 280 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 281
exit 2. Create classes class_vlan and class_color. Note: DiffServ service is enabled by default. (Netgear Switch) (Config)#class-map match-all class_vlan (Netgear Switch) (Config-classmap)#match vlan 5 (Netgear Switch) (Config-classmap)#exit (Netgear Switch) (Config)#class-map match-all class_color - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 282
M4300-96X Fully Managed Switches 4. Apply this policy to port 1/0/13. (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#service-policy in policy_vlan (Netgear Switch) (Interface 1/0/13)#exit (Netgear 1. The ports display. DiffServ 282 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 283
Series and M4300-96X Fully Managed Switches d. Click the gray boxes under ports 13 and 25 until T displays. The T specifies that the create a new class class_vlan. A screen similar to the following displays. d. Click class_vlan to configure this class. DiffServ 283 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 284
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Under Diffserv Class Configuration, in the VLAN field, enter 5. . A screen similar to the following displays. d. Click class_color to configure this class. DiffServ 284 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 285
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. e. Under Diffserv Class Configuration, in the Precedence Add. 6. Associate policy_vlan with class_vlan. a. Select QoS > DiffServ > Advanced > Policy Configuration. DiffServ 285 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 286
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Policy Configuration, scroll down and select the select the Send radio button. i. For Violate Action, select the Drop radio button. j. Click Apply. DiffServ 286 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 287
M4300-96X Fully Managed Switches 8. Apply policy_vlan to interface 1/0/13. a. Select QoS > DiffServ > Advanced > Service Interface Configuration. A screen similar to the following displays. b. Under Service • 11. Congestion Encountered, CE TCP also supports ECN through two flags in the TCP header: - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 288
Series and M4300-96X Fully Managed Switches Weighted random early discard (WRED, also referred exceed-action transmit violate-action transmit (Netgear Switch) (Config-policy-classmap)#conform-color class2 (Netgear Switch) (Config-policy-classmap)#exit DiffServ 288 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 289
M4300-96X Fully Managed Switches 3. Apply the policy on port 1/0/25. (Netgear Switch) (Config)#interface 1/0/25 (Netgear Switch) (Interface 1/0/25)#service-policy in p1 4. Let the packets with dot1p priority 3 be placed in queue 3. (Netgear ECN on queue 3. (Netgear Switch) (Config)#random-detect - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 290
14 IGMP Snooping and Querier Internet Group Management Protocol features This chapter includes the following sections: • Internet Group Management Protocol Concepts • IGMP Snooping • Show igmpsnooping • Show mac-address-table igmpsnooping • External Multicast Router • Multicast Router Using VLAN • - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 291
config (Netgear Switch) (Config)#set igmp (Netgear Switch) (Config)#exit 2. Enable IGMP snooping on a VLAN (in this example, on VLAN 300): (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#set igmp 300 (Netgear Switch) (Vlan)#exit IGMP Snooping and Querier 291 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 292
Series and M4300-96X Fully Managed Switches Local Browser Interface: Enable IGMP Snooping Configure IGMP snooping CLI commands and as a local browser interface procedure. CLI: Show igmpsnooping (Netgear Switch) #show igmpsnooping Admin Mode Disable Multicast Control Frame Count 0 Interfaces - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 293
Series and M4300-96X Fully Managed Switches Local Browser : Show mac-address-table igmpsnooping (Netgear Switch) #show mac-address-table igmpsnooping ? Press Enter to execute the command. (Netgear Switch) #show mac-address-table IGMP Snooping and Querier 293 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 294
M4300 Series and M4300-96X Fully Managed Switches CLI for IGMPv3: show igmpsnooping ssm entries (Netgear Switch) #show igmpsnooping ssm entries VLAN ID that is reachable from this interface. (Netgear Switch)(Interface 1/0/3)# set igmp mrouter interface IGMP Snooping and Querier 294 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 295
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure the Switch with an External Multicast Router () to the multicast router attached to this interface. (Netgear Switch)(Interface 1/0/3)# set igmp mrouter 2 IGMP Snooping and Querier 295 Software Administration - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 296
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure the . IGMP Querier Concepts When the switch is used in network applications where video services such as IPTV, video streaming, and gaming are deployed, the video traffic is and Querier 296 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 297
M4300 Series and M4300-96X Fully Managed Switches Figure 32. IGMP querier Since the IGMP querier is designed to work with IGMP snooping, it is necessary to enable IGMP snooping when using it. The following figure shows a network application for video streaming service Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 298
M4300 Series and M4300-96X Fully Managed Switches (Netgear switch) #vlan database (Netgear switch) (vlan)#set igmp 1 (Netgear switch) (vlan)#set igmp querier 1 (Netgear switch) (vlan)#exit (Netgear switch) #config (Netgear switch) (config)#set igmp querier (Netgear 298 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 299
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Enter the following information: • For Querier Admin Mode, select the following displays. b. In the VLAN ID field, enter 1. 5. Click Add. IGMP Snooping and Querier 299 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 300
M4300 Series and M4300-96X Fully Managed Switches Show IGMP Querier Status The example is shown as CLI commands and as a local browser interface procedure. CLI: Show IGMP Querier Status To see the IGMP querier status, use the following command. (Netgear Querier 300 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 301
15 MVR Multicast VLAN registration This chapter includes the following sections: • Multicast VLAN Registration • Configure MVR in Compatible Mode • Configure MVR in Dynamic Mode 301 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 302
M4300 Series and M4300-96X Fully Managed Switches Multicast VLAN Registration The IGMP Layer 3 protocol Multicast VLAN registration (MVR) is intended to solve the problem of receivers in different VLANs. It uses a dedicated manually configured VLAN, called the multicast VLAN, to forward multicast - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 303
M4300 Series and M4300-96X Fully Managed Switches Multicast source IGMP switch SP (VLAN999) SP (VLAN 999) MVR switch RP (VLAN 1001) Multicast client RP ( router has to be statically configured to transmit all required multicast streams to the MVR switch. MVR 303 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 304
M4300 Series and M4300-96X Fully Managed Switches CLI: Configure MVR in Compatible Mode 1. Create MVLAN, VLAN1, VLAN2, and VLAN3. (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 999,1001, 1002, 1003 (Netgear Switch) (Vlan)#vlan name 999 mVlan (Netgear Switch) (Vlan)#vlan name 1001 Vlan1 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 305
M4300-96X Fully Managed Switches (Netgear Switch) (Config)#interface 0/1 (Netgear Switch) (Interface 0/1)#vlan participation include 1001 (Netgear Switch) (Interface 0/1)#vlan pvid 1001 (Netgear Switch) (Interface 0/1)#vlan participation exclude 1 (Netgear Mode compatible (Netgear Switch) #show - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 306
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure MVR in Compatible Mode 1. Create MVLAN 999, VLAN1 1001, VLAN2 1002 and VLAN3 1003 T specifies that the egress packet is tagged for the ports. e. Click Apply to save the settings. MVR 306 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 307
Series and M4300-96X Fully Managed Switches f. Repeat steps from b to e, add port 0/1 to VLAN1 1001, add port 0/5 to VLAN2 1002, Add. 5. Configure a receiver on interface 0/1, 0/5, and 0/7. a. Select Switching > MVR > Basic > MVR Interface Configuration. MVR 307 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 308
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under MVR Interface Configuration, scroll down and select the the settings. 7. Configure MVR Group Membership. a. Select Switching > MVR > Advanced > MVR Membership. MVR 308 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 309
(Netgear Switch) (Vlan)#vlan 999,1001, 1002, 1003 (Netgear Switch) (Vlan)#vlan name 999 mVlan (Netgear Switch) (Vlan)#vlan name 1001 Vlan1 (Netgear Switch) (Vlan)#vlan name 1002 Vlan2 (Netgear Switch) (Vlan)#vlan name 1003 Vlan3 (Netgear Switch) (Vlan)#exit MVR 309 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 310
Series and M4300-96X Fully Managed Switches 2. Enable MVR, configure VLAN 999 as a multicast VLAN, and add group 224.1.2.3 to MVR. (Netgear Switch) #config (Netgear Switch) (Config)#mvr (Netgear Switch) (Config)#mvr vlan 999 (Netgear Switch) (Config)#mvr group 224.1.2.3 3. Configure MVR in dynamic - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 311
M4300-96X Fully Managed Switches (Netgear Switch) (Config)#interface 0/1 (Netgear Switch) (Interface 0/1)#vlan participation include 1001 (Netgear Switch) (Interface 0/1)#vlan pvid 1001 (Netgear Switch) (Interface 0/1)#vlan participation exclude 1 (Netgear Mode compatible (Netgear Switch) #show - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 312
Series and M4300-96X Fully Managed Switches 7. After port 0/1 receives an IGMP report for Multicast Group 224.1.2.3, it will be added to the MVR Group 224.1.2.3. (Netgear Switch) #show with tagged mode. f. Select Switching > VLAN > Advanced > VLAN Membership. MVR 312 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 313
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. g. In the VLAN ID list, select 999. h. Click Unit 1. The ports . d. From the MVR mode list, select dynamic. e. Click Apply. 3. Add multicast group 224.1.2.3 to the MVR. MVR 313 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 314
Series and M4300-96X Fully Managed Switches a. Select Switching > MVR > Basic > MVR Group Configuration. A screen similar to the following displays. settings. 5. Configure a source interface. a. Select Switching > MVR > Basic > MVR Interface Configuration. MVR 314 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 315
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under MVR Interface Configuration, scroll down and select the a. Select Switching > MVR > Advanced > MVR Group Membership. A screen similar to the following displays. MVR 315 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 316
16 Security Management Port security features This chapter includes the following sections: • Port Security Concepts • Set the Dynamic and Static Limit on Port 1/0/1 • Convert the Dynamic Address Learned from 1/0/1 to a Static Address • Create a Static Address • Protected Ports • 802.1x Port - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 317
Series and M4300-96X Fully Managed Switches Port Security Concepts Port security helps to secure the another port. Static MAC addresses are not eligible for aging. • Static locking. You can manually specify a list of static MAC addresses for a port. Dynamically locked addresses can be converted to - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 318
M4300-96X Fully Managed Switches Set the Dynamic and Static Limit on Port 1/0/1 The example is shown as CLI commands and as a local browser interface procedure. CLI: Set the Dynamic and Static Limit on Port 1/0/1 (Netgear Switch) (Config)#port-security Enable port-security globally (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 319
Series and M4300-96X Fully Managed Switches 2. Set the dynamic and static limit on the port 1/0/1: a. Select Security > Traffic Control > Port Security the Max Allowed Statically Locked MAC field, enter 3. d. Click Apply to save the settings. Security Management 319 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 320
M4300 Series and M4300-96X Fully Managed Switches Convert the Dynamic Address Learned from 1/0/1 to a Static Address The example is shown as CLI commands and as a local browser interface procedure. CLI: Convert the Dynamic Address Learned from 1/0/1 to the Static Address (Netgear Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 321
Series and M4300-96X Fully Managed Switches Create a Static Address The example is shown as CLI commands and as a local browser interface procedure. CLI: Create a Static Address (Netgear Switch) (Interface is forwarded between PC 1 and PC 2. Security Management 321 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 322
1/0/24)#exit (Netgear Switch) (Interface-vlan 192)#interface vlan 192 (Netgear Switch) (Interface-vlan 192)#routing (Netgear Switch) (Interface-vlan 192)#ip address 192.168.1.254 255.255.255.0 (Netgear Switch) (Interface-vlan 192)#exit Security Management 322 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 323
(Interface-vlan 202)ip address 10.100.5.34 255.255.255.0 (Netgear Switch) (Interface-vlan 202)#exit 3. Create a DHCP pool to allocate IP addresses to PCs. (Netgear Switch) (config)#service dhcp (Netgear Switch) (config)#ip dhcp pool pool-a (Netgear Switch) (Config-dhcp-pool)#dns-server 12.7.210.170 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 324
M4300-96X Fully Managed Switches Local Browser Interface: Configure a Protected Port to Isolate Ports on the Switch 1. Create a DHCP pool: Note: This example assumes that the DHCP service is enabled. For information about how to enable the DHCP service Management 324 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 325
Series and M4300-96X Fully Managed Switches 2. Configure a VLAN and include ports 1/0/23 and 1/0/24 in the VLAN: a. Select Routing > VLAN > VLAN Routing . • In the Network Mask field, enter 255.255.255.0. c. Click Unit 1. The ports display: Security Management 325 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 326
Series and M4300-96X Fully Managed Switches d. Click the gray box under port 48 twice until U displays. The U specifies that the egress packet port 23 and port 24 as protected ports: a. Select Security > Traffic Control > Protected Port. Security Management 326 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 327
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under Protected Ports Configuration, click Unit 1. The ports RADIUS server Layer 2 switch PC 1 PC 2 Figure 35. Using 802.1x port security Security Management 327 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 328
M4300 Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear RADIUS client and the server. Netgear Switch) (Config)#radius server key Netgear Switch) (Config)#radius server msgauth 10.100.5.17 (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 329
M4300-96X Fully Managed Switches 6. Configure an accounting server. (Netgear Switch) (Config)#radius accounting mode (Netgear Switch) (Config)#radius server host acct 10.100.5.17 7. Configure the shared secret between the accounting server and the client. (Netgear 329 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 330
Series and M4300-96X Fully Managed Switches Now 1/0/1 appears in the Interface field at the top. c. Enter the following information: • In the . b. Select the check box beforedot1xList. c. In the 1 list, select RADIUS. d. Click Apply. Security Management 330 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 331
Series and M4300-96X Fully Managed Switches 5. Set port 1/0/19 to force authorized mode. (In this case, the RADIUS server is . a. Select Security > Management Security > Server Configuration. A screen similar to the following displays. Security Management 331 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 332
M4300 Series and M4300-96X Fully Managed Switches b. In the Server Address field, enter 10.100.5.17. c. In the Secret Configured field, select Yes. field, enter 10.100.5.17. c. In the Accounting Mode field, select Enable. d. Click Apply. Security Management 332 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 333
M4300-96X Fully Managed Switches Create a Guest VLAN The guest VLAN feature allows a switch to provide a distinguished service Guest VLAN If a port is in port-based mode, and a client that does not support 802.1X is connected to an unauthorized port that has 802.1X enabled, the client does Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 334
Series and M4300-96X Fully Managed Switches CLI: Create a Guest VLAN 1. Enter the following commands: (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#vlan 2000 (Netgear Switch) (Vlan)#exit (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#vlan participation include - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 335
Series and M4300-96X Fully Managed Switches 4. Enable the guest VLAN on ports 1/0/1 and 1/0/24. (Netgear Switch) #show dot1x detail 1/0/1 Protocol Version 1 PAE VLAN > Basic > VLAN Configuration. A screen similar to the following displays. Security Management 335 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 336
Series and M4300-96X Fully Managed Switches b. In the VLAN ID field, enter 2000. c. In the VLAN Type field, select Static. d. Click Add. the local browser interface. a. Select Security > Port Authentication > Basic > 802.1x Configuration. Security Management 336 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 337
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Administrative Mode, select the Enable radio button. c. Click c. In the Secret Configured field, select Yes. d. In the Secret field, enter 12345. Security Management 337 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 338
Series and M4300-96X Fully Managed Switches e. Click Add. 7. Configure the guest VLAN. a. Select Security > Port Authentication > Advanced > Port Authentication. -Group-ID = VLANID where VLANID is 12 bits, with a value between 1 and 4094. Security Management 338 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 339
and M4300-96X Netgear Switch) #exit 2. Enable dot1x authentication on the switch (Netgear Switch) (Config)#dot1x system-auth-control 3. Use the RADIUS as the authenticator. (Netgear Switch) (Config)#aaa authentication dot1x default radius Security Management 339 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 340
Series and M4300-96X Fully Managed Switches 4. Enable the switch to accept VLAN assignment by the RADIUS server. (Netgear Switch) (Config)#authorization network radius 5. Set the RADIUS server IP address. (Netgear Switch) (Config)#radius server host auth 192.168.0.1 6. Set the NAS-IP address for - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 341
Series and M4300-96X Fully Managed Switches 8. Show the dot1x detail for 1/0/5. (Netgear Switch) #show dot1x detail 1/0/5 Port 1/0/5 Protocol Version 1 PAE Capabilities Authenticator 0 Session Timeout 0 Session Termination Action Default Security Management 341 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 342
Local Browser Interface: Assign VLANS Using RADIUS
1. Assign the IP address for the web mode on ports 1/0/6 and 1/0/12.
a. Select Security > Port Authentication > Advanced > Port Authentication.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 343
A screen similar to the following displays.
b. Under Port Authentication, scroll down and list.
a. Select Security > Management Security > Authentication List > Dot1x Authentication List.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 344
A screen similar to the following displays.
b. Select the defaultList check box.
c. In the 1 list, select Secret Configured field, select Yes.
d. In the Secret field, enter 12345.
e. Click Add.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 345
Dynamic ARP Inspection
Dynamic ARP inspection (DAI) is a security feature that rejects invalid and malicious ARP packets.
IP address: 192.168.10.86 (obtained) HW address: 00:16:76:A7:88:CC
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 346
CLI: Configure Dynamic ARP Inspection
1. Enable DHCP snooping globally.
(Netgear Switch) (Config)# ip dhcp snooping
2. Enable DHCP snooping in a VLAN.
(Netgear Switch)
Static Mapping on page 350.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 347
Local Browser Interface: Configure Dynamic ARP Inspection
1. Enable DHCP snooping globally.
a. Select Security > the VLAN ID field, enter 1.
c. In the DHCP Snooping Mode field, select Enable.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 348
A screen similar to the following displays.
3. Configure the port through which the DHCP
4. View the DHCP Snooping Binding table.
a. Select Security > Control > DHCP Snooping Binding Configuration.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 349
A screen similar to the following displays.
5. Enable ARP Inspection in VLAN 1.
a. Select Security > Control > Dynamic ARP for ARP inspection. If there are trusted ports, you can configure them as
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 350
trusted in the next step. ARP packets received on the and as a local browser interface procedure.
CLI: Configure Static Mapping
1. Create an ARP ACL.
(Netgear Switch) (Config)# arp access-list ArpFilter
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 351
2. Configure the rule to allow the static client.
(Netgear Switch) (Config-arp-access-list)# permit ip host 192.168.10.2 mac host 00:11:85:ee:54:e9
3. Configure ARP ACL used for VLAN 1.
(Netgear
e. Click Add.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 352
A screen similar to the following displays.
3. Configure the ARP ACL used for VLAN 1.
a. Select Security > Control > to be trusted or untrusted. DHCP servers must be reached through trusted ports.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 353
Figure 39. DHCP Snooping (diagram labels: DHCP client, switch, interface 1/0/1, DHCP server)
The example is shown as CLI commands and as a local browser interface procedure.
CLI: Configure DHCP Snooping
1. Enable DHCP snooping globally.
(Netgear
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 354
Local Browser Interface: Configure DHCP Snooping
1. Enable DHCP snooping globally:
a. Select Security > Configuration. A screen similar to the following displays.
b. In the VLAN ID list, select 1.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 355
c. For DHCP Snooping Mode, select the Enable radio button.
A screen similar to the Security > Control > DHCP Snooping Binding Configuration.
A screen similar to the following displays.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 356
Find a Rogue DHCP Server
If you enable DHCP snooping, you can find a rogue DHCP server in the network.
CLI: Find a Rogue DHCP server
1. Check the statistics on the untrusted ports.
(NETGEAR
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 357
2. Control the logging DHCP messages filtration by the DHCP Snooping application for port 1/0/27.
(Netgear Switch) (Interface 1/0/27)#ip dhcp snooping log-invalid
Rec'd column increase for any port.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 358
c. The previous figure shows that the messages increased for port 1/0/27, indicating that the port is connected to a rogue DHCP server is 10.100.5.253 and the MAC address is 00:26:F2:F6:B3:6C.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 359
Enter Static Binding into the Binding Database
You can also enter the static binding into the binding database.
CLI: Enter Static Binding into the Binding Database
1. Enter the DHCP snooping static binding.
(Netgear
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 360
3. Check to make sure that the
(Netgear Switch) #show ip dhcp snooping interfaces 1/0/2
Interface   Trust State   Rate Limit (pps)   Burst Interval (seconds)
----------
1/0/2       No            5                  1
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 361
Local Browser Interface: Configure the Maximum Rate of DHCP Messages
1. Select Security > Control > DHCP Snooping > Interface source IP address or both the source IP address and source MAC address.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 362
Static client IP address: 192.168.10.1 HW address: 00:
Dynamic ARP Inspection
1. Enable DHCP snooping globally.
(Netgear Switch) (Config)# ip dhcp snooping
2. Enable DHCP snooping in a VLAN.
(Netgear Switch) (Config)# ip dhcp snooping vlan 1
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 363
DHCP Snooping Binding table, you can add the entry manually through the ip verify binding mac-address vlan vlan-id ip-address interface interface-id command in global configuration mode.
5. Enable IP Source Guard in interface 1/0/2.
(Netgear Switch) (Interface 1/0/2)#ip verify source [port-security
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 364
Local Browser Interface: Configure Dynamic ARP Inspection
1. Enable DHCP snooping globally.
a. Select Security > DHCP Snooping Mode field, select Enable.
A screen similar to the following displays.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 365
d. Click Apply.
A screen similar to the following displays.
3. Configure the port through
4. View the DHCP Snooping Binding table.
Select Security > Control > DHCP Snooping Binding Configuration.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 366
A screen similar to the following displays.
5. Enable IP source guard in the interface 1/0/2.
a. Select Security > , enter 192.168.10.80.
f. Click Add.
A screen similar to the following displays.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 367
Specify the command in the following format.
netgear-cmdAuth = "deny:spanning-tree;interface *",
Note: The maximum length of the command string in the vendor attribute cannot be longer than 64 bytes. RADIUS-based command authorization supports a maximum of 50 commands.
Note: You can use both
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 368
commands commandList
(Netgear Switch)(Config-telnet) #exit
(Netgear Switch)(Config) #exit
5. Configure a TACACS+ server.
(Netgear Switch)(Config)#tacacs-server host 10.100.5.13
(Netgear Switch)(Config)#tacacs-server key 12345678
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 369
6. Verify that command and privileged EXEC authorization are set up for Telnet.
(Netgear Switch)#show authorization methods
accounting syslog; accounting file = /var/log/tac_plus/tac_plus.acct
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 370
8. Using Linux on the TACACS server, allow a user named eric to access specific commands in the file tac_plus.conf.
user = eric {
    # member = network_user {
    default service = deny
    login = des qbVVseTcbtzS2
    service = exec {
        priv-lvl = 15
    }
    cmd = show {
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 371
2. Change the authentication mode for Telnet users to RADIUS.
(Netgear Switch)(Config)#aaa authentication login networkList radius
3. Verify that RADIUS authentication is set up for Telnet users.
(Netgear
as the authorization.
(Netgear Switch)(Config)# aaa
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 372
6. Verify that command authorization is set up for Telnet.
(Netgear
configure NETGEAR as the
netgear 4526
BEGIN-VENDOR netgear
ATTRIBUTE netgear-cmdAuth-deny 1
END-VENDOR netgear
:= "testing" Service-Type = Login-User, netgear-cmdAuth-deny =
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 373
service-type attribute 6 or Cisco vendor-specific attribute (VSA) "shell:priv-lvl" is used. If the service support authorization, the privilege level attribute must be returned with the authentication response. If the service users to TACACS.
(Netgear Switch)(Config)#aaa authentication
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 374
Switch)(Config)#aaa authorization exec "execList" tacacs
4. Configure EXEC authorization for Telnet.
(Netgear Switch)(Config)#line telnet
(Netgear Switch)(Config-telnet)#authorization exec execList
(Netgear Switch)(Config-telnet)#exit
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 375
5. Verify that EXEC authorization is set up for Telnet.
(Netgear Switch)
conf.
user = eric {
    # member = network_user {
    default service = permit
    login = des qbVVseTcbtzS2
    service = exec {
        priv-lvl = 15
    }
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 376
switch.
(Netgear Switch) #config
(Netgear Switch) (Config)#radius server host auth 172.26.2.41
(Netgear Switch)
for Telnet users to RADIUS.
(Netgear Switch)(Config)#aaa authentication login networkList radius
Telnet users.
(Netgear Switch) #show
the authorization.
(Netgear Switch)(Config)#
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 377
5. Configure EXEC authorization for Telnet.
(Netgear Switch) (Config)#line telnet
(Netgear Switch) (Config-telnet)# authorization exec execList
(Netgear Switch) (Config-telnet)#exit
6. Verify that EXEC authorization is set up for Telnet.
(Netgear
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 378
tool for security services.
• Account when a user logs in and logs out of a user EXEC session.
CLI: Configure Telnet Command Accounting by a TACACS+ Server
Note: TACACS+ accounting supports both user EXEC command authorization and privileged EXEC command authorization.
(Netgear Switch)(Config
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 379
Configure Telnet EXEC Accounting by RADIUS Server
RADIUS accounting supports EXEC mode but does not support command mode.
(Netgear Switch)(Config)#radius server host acct 10.100.5.13
(Netgear
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 380
Use the Authentication Manager to Set Up an Authentication Method List
The authentication authenticated through a lower-priority method to be reauthenticated through the higher-priority method.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 381
Configure a Dot1x-MAB Authentication Method List with Dot1x-MAB Priority
Note: This section describes how
Figure 41. Dot1x, MAB, and captive portal authentication method list with default priority
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 382
The CLI command to enable authentication is as follows.
(Netgear Switch)#configure
(Netgear Switch)(Config)#authentication enable
Configure a Dot1x-MAB method, see Chapter 36, Captive Portals.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 383
Authentication manager (Select the authentication method) the list.
The CLI command to enable authentication is as follows.
(Netgear Switch)#configure
(Netgear Switch)(Config)#authentication enable
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 384
A NETGEAR switch can detect these messages on UDP port number 3799. When a NETGEAR switch receives generated with an Error-Cause attribute as Unsupported Service.
• If the DAS does not perform authentication, authenticate a user, and manually disconnect a user:
1. Configure
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 385
The switch functions as the Dynamic Authorization Server (DAS).
(Netgear Switch) #config
(Netgear Switch) (Config)#interface vlan 1
(Netgear Switch) (Interface vlan 1)#ip address 172.26.2.145 /24
2. Configure the RADIUS server.
(Netgear
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 386
period that you can configure manually. The switch then allows RA , the IPv6 RA Guard feature supports only the stateless mode. To configure
Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#ipv6 nd raguard attach-policy
(Netgear Switch) (Interface 1/0/1)#exit
(Netgear
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 387
2. Display the configuration of the IPv6 RA Guard feature on port 1/0/1.
(Netgear
dropped by the IPv6 RA Guard feature.
(Netgear Switch) #Show ipv6 snooping counters
IPv6 Dropped Messages
authentication method.
(Netgear Switch) (Config)#aaa authentication
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 388
2. Check if the networkList method changes from local to radius.
(Netgear Switch) #show authentication methods
Login > SSH > SSH Configuration. A screen similar to the following displays.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 389
b. Check if the Login Authentication List field is networkList.
c. Check the same on Security > Access > Telnet > Name field at the top.
c. Select the Radius in the dropbox for 1.
d. Click Apply.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 390
17 MAB
MAC Authentication Bypass
This chapter includes the following sections:
• MAC Authentication Bypass Concepts
• Configure MAC Authentication Bypass on a Switch
• Configure a Network Policy Server on a Microsoft Windows Server 2008 R2 or Later Server
• Configure an Active Directory on a
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 391
MAC Authentication Bypass Concepts
MAC Authentication Bypass (MAB) provides 802.1X-unaware clients controlled access times out, the switch denies the client access. The following figure illustrates MAB operation.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 392
1. Traffic from an unknown client The switch learns the MAC address
2. EAPoL Request Identity message (30 seconds)
IP address 10.1.10.50
Figure 45. MAB topology with a switch, IP phone, and Microsoft server
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 393
Configure MAC Authentication Bypass on a Switch
This ).
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#dot1x port-control force-authorized
(Netgear Switch) (Interface 1/0/1)#exit
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 394
5. Configure MAB on the port that connects to the IP phone (port 1/0/10 in this example).
(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/10
(Netgear Switch) (Interface 1/0/10)#dot1x port-control mac-based
(Netgear
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 395
A screen similar to the following displays.
b. Select the dot1xList check box.
c. From the 1 menu, select Message Authenticator menu, select Enable.
• From the Server Type menu, select Standard.
c. Click Add.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 396
4. Configure the port that connects to the Microsoft network policy server (in this example, port 1/0/1) to settings:
• From the Control Mode menu, select MAC Based.
• From the MAB menu, select Enable.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 397
problems might require that you reinstall your Microsoft operating system. Modify the registry at your own risk.
To reenable EAP-MD5 support in Microsoft Windows Vista, add the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 398
Value type: REG_DWORD
Value data: 00000001
2. If your Windows server 2008 R2 does not have service pack 1 installed, download and install Microsoft hot fix KB981190 from the following Microsoft website: http://support.microsoft.com/kb/981190.
3. On the
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 399
b. Double-click Secured Wired (Ethernet) Connections. The Secure Wired (Ethernet) Connections Properties pop-up radio button cleared.
e. Click the Apply button.
f. Click the Conditions tab. The screen adjusts.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 400
g. Configure the NAS Port Type field as Ethernet.
h. Click the Apply button.
i. Click the Settings tab. The screen adjusts.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 401
j. Select the Override Network policy authentication Configure the network policies for the network policy server:
a. Click Network Policy and Access Services > NPS > Policies > Network Policies.
b. Double-click Secured Wired (Ethernet) Connections.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 402
c. Select the Policy enabled check box.
d. Select the Grant access radio button.
e. From the Type Vendor specific radio button cleared.
f. Click the Apply button.
g. Click the Conditions tab. The screen adjusts.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 403
h. Configure the NAS Port Type field as Ethernet.
i. Click the Apply button.
j. Click the Constraints tab. The screen adjusts.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 404
k. Under the EAP Types field, click the Add button.
l. From the menu, select MD5-Challenge.
m. Click EAP Types field, select MD5-Challenge.
o. Click the Apply button.
p. Click the Settings tab. The screen adjusts.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 405
q. Select all four encryption check boxes, including the No encryption check box.
r. Click the Apply connection.
• Password. Any temporary password.
2. Right-click the new user account name and select Properties.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 406
3. Select the Password never expires check box.
4. Select the Store password using reversible encryption check box.
5. the device for which you want to allow a connection, and use uppercase letters only.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 407
Reduce the period timer to 10 seconds using the CLI:
(Netgear Switch) #config
(Netgear Switch) (Config)# interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#dot1x timeout guest-vlan-period
value.
4. Click Apply.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 408
18 SNTP
Simple Network Time Protocol
This chapter includes the following sections:
• Simple Network Time Protocol Concepts
• Show SNTP (CLI Only)
• Configure SNTP
• Set the Time Zone (CLI Only)
• Set the Named SNTP Server
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 409
used in broadcast or unicast mode.
• It supports SNTP client implemented over UDP, which listens on port commands used in the SNTP feature.
show sntp
(Netgear Switch) #show sntp?
client server
show sntp client
(Netgear Switch) #show sntp client
Client Supported Modes: SNTP Version
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 410
show sntp server
(Netgear Switch) #show sntp server
Server IP Address:
Server Type:
Server Stratum:
Server Reference Id:
Server Mode:
Server Maximum
format. In that case, use the ping command on the PC to find
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 411
the server's IP address. The following example configures the SNTP server IP address to 208.14.208.19.
(Netgear Switch) (Config)#sntp server 208.14.208.19
2. Unicast Requests: 2 Failed Unicast Requests: 0
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 412
Local Browser Interface: Configure SNTP
1. Configure the SNTP server.
a. Select System > Management > .
a. Select System > Management > Time > SNTP Global Configuration.
A screen similar to the following displays.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 413
netgear.com where 192.168.1.1 is the public network gateway IP address for your device. This method of setting DNS name look-up can be used for any other applications that require a public IP address, for example, a RADIUS server.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 414
Local Browser Interface: Set the Named SNTP Server
1. the following information:
• In the Server Type list, select DNS.
• In the Address field, enter time-f.netgear.com
• In the Port field, enter 123.
• In the Priority field, enter 1.
• In the Version
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 415
b. Enter the following information:
• For DNS Status, select the Enable radio button
• In the DNS Server field, enter 192.168.1.1.
c. Click Add.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 416
19 Tools
Tools to manage, monitor, and personalize the switch and network
This chapter includes the following sections:
• Traceroute
• Configuration Scripting
• Pre-Login Banner
• Port Mirroring
• Remote SPAN
• Dual Image
• Outbound Telnet
• Error Disablement and Automatic Error Recovery
• Loop
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 417
Traceroute
This the packet takes 16 hops to reach its destination.
CLI: Traceroute
(Netgear Switch) #traceroute?
Enter IP address.
(Netgear Switch) #traceroute 216.109.118.74 ?
Press Enter ms
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 418
Local Browser Interface: Traceroute
1. Select Maintenance > Troubleshooting > Traceroute.
A screen similar to the following displays. Use this screen to .
• Provides script format of one CLI command per line.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 419
the script will run successfully.
script Command
(Netgear Switch) #script ?
apply delete list show
Command and script delete Command
(Netgear Switch) #script list
Configuration Script script(s) found. 1020706 bytes free.
(Netgear Switch) #script delete basic.scr
Are
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 420
script apply running-config.scr Command
(Netgear Switch) #script apply running-config.scr
Are you sure you want to apply the want to start? (y/n) y
File transfer operation completed successfully.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 421
2. Transfer the file from the PC to the switch using TFTP.
(Netgear Switch) #copy tftp://192.168.77.52/banner.txt nvram:clibanner
Mode y
CLI Banner file transfer operation completed successfully!
(Netgear Switch) #exit
(Netgear Switch) >logout
Login Banner - Unauthorized access is
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 422
Port Mirroring
The port mirroring feature:
• Allows
Netgear Switch)(Config)#exit
(Netgear Switch)#show monitor session 1
Session ID   Admin Mode   Probe Port   Mirrored Port
1            Enable       1/0/3        1/0/2
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 423
Local Browser Interface: Specify the Source (Mirrored) Ports and Destination (Probe)
1. Select Monitoring > Mirroring remote switched port analyzer (RSPAN), you can extend mirroring to all participating switches.
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 424
Switch 1 Reflected port 1/0/ 1/0/23 RSPAN VLAN
switch and destination switch with the RSPAN VLAN. Only one RSPAN VLAN is supported. On the source switch, the traffic that is received on and transmitted from )
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 425
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 5
(Netgear Switch) (Vlan)#exit
(Netgear Switch) #config
(Netgear Switch) (Config)#vlan 5
(Netgear Switch) (Config)(Vlan 5)#remote-span
(Netgear Switch) (Config)(Vlan 5)#exit
(Netgear
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 426
(Netgear Switch) #vlan database
(Netgear Switch) (Vlan)#vlan 5
(Netgear Switch) (Vlan)#exit
(Netgear Switch) #config
(Netgear Switch) (Config)#vlan 5
(Netgear Switch) (Config)(Vlan 5)#remote-span
(Netgear Switch) (Config)(Vlan 5)#exit
(Netgear
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 427
The Dual Image feature works seamlessly with the stacking feature. All members in the stack must be uniform in their support correct the problem, by using appropriate stacking commands.
CLI: Download a Backup Image and Make It Active
(Netgear Switch)
- Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 428
Series and M4300-96X Fully Managed Switches Images currently available on Flash unit image1 image2 current-active next-active 1 5.11.2.51 8.0.0.2 image1 image1 (Netgear Switch) #boot system image2 Activating image image2 .. (Netgear Switch) #show bootvar Image Descriptions - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 429
Series and M4300-96X Fully Managed Switches Your settings are saved. 2. Activate image2. a. Select Maintenance > File Management > Dual Image Configuration. A screen each other's terminals and terminal handling conventions. • Must use a valid IP address. Tools 429 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 430
M4300-96X Fully Managed Switches CLI: show network (Netgear Switch) >telnet 192.168.77.151 Trying 192.168.77.151... (Netgear Switch) User:admin Password: (Netgear Switch) >en Password: (Netgear Enable Java Mode Disable CLI: show telnet (Netgear Switch)#show telnet Outbound Telnet Login Timeout ( - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 431
M4300 Series and M4300-96X Fully Managed Switches CLI: transport output telnet (Netgear Switch) (Config)#lineconfig ? Press Enter to execute the command. (Netgear Switch) (Config)#lineconfig (Netgear Switch) (Line)#transport ? input output Displays the protocols to use to connect to a - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 432
and M4300-96X Netgear Switch) (Line)#session-limit ? allowed. Configure the maximum number of outbound telnet sessions (Netgear Switch) (Line)#session-limit 5 (Netgear Switch) (Line)#session-timeout ? Enter time in minutes. (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 433
Series and M4300-96X Fully Managed Switches saved. Error Disablement and Automatic Error Recovery The switch supports interface error disablement, also referred to as Diagnostic Disable until the interface is reenabled. Either you can manually reenable the error-disabled interface or you can enable - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 434
Series and M4300-96X Fully Managed Switches The following features are supported by autorecovery: • Keepalive. If loop protection is enabled, loop protection detects a loop, and the loop , the interface comes back up after the time-out interval expires. Tools 434 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 435
Netgear Switch) #show errdisable recovery Errdisable Reason dhcp-rate-limit arp-inspection udld bcast-storm mcast-storm ucast-storm bpduguard bpdustorm keepalive Port MAC Locking Denial Of Service the performance of the network. Detecting loops manually can be cumbersome. The switch can - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 436
and M4300-96X Fully protection on ports 1/0/1 and 1/0/2: 1. Enable loop protection globally. (Netgear Switch) (Config) #keepalive Enable loop protection on ports 1/0/1 and message. (Netgear Switch) (Config)#interface 1/0/1,1/0/2 (Netgear Switch) (Interface 1/0/1-1/0/2)#keepalive (Netgear Switch) - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 437
Series and M4300-96X Fully Managed Switches Nondisruptive Configuration Management If you are Nondisruptive Configuration Management feature: 1. Download the file with the new configuration to switch. (Netgear Switch) # Copy tftp://172.26.2.21/new_config.scr nvram:script new_config.scr 2. Merge - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 438
M4300- on the front panel. (Netgear Switch) (Config) #exception protocol tftp 2. Configure the IP address for the NFS or TFTP server. (Netgear Switch) (Config) #exception core, but you can change it with the following command: (Netgear Switch) (Config) #exception core-file mydump 4. (Optional) - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 439
20 Syslog: System logging This chapter includes the following sections: • Syslog Concepts • Show Logging • Show Logging Buffered • Show Logging Traplogs • Show Logging Hosts • Configure Logging for a Port • Email Alerting 439 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 440
M4300 Series and M4300-96X Fully Managed Switches Syslog Concepts The CLI commands and as a local browser interface procedure. CLI: Show Logging (Netgear Switch) #show logging Logging Client Local Port : CLI Command Logging : : 66 : 0 : 0 : 0 Syslog 440 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 441
Series and M4300-96X Fully Managed Switches Local Browser Interface: Show Logging 1. Configure the syslog. a. From the main menu, select Monitoring > the console log. a. Select Monitoring > Logs > Console Log. A screen similar to the following displays. Syslog 441 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 442
Series and M4300-96X Fully Managed Switches b. Under Console Log Configuration, for Admin Status, select the Disable radio button. c. Click Apply. 4. Configure . b. Under Buffer Logs, for Admin Status, select the Enable radio button. c. Click Apply. Syslog 442 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 443
M4300 Series and M4300-96X Fully Managed Switches Show Logging Buffered The example is shown as CLI commands and as a local browser interface procedure. CLI: Show Logging Buffered (Netgear Switch) #show logging buffered ? Press Enter to execute the command. (Netgear Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 444
Series and M4300-96X Fully Managed Switches Local CLI: Show Logging Traplogs (Netgear Switch) #show logging traplogs ? Press Enter to execute the command. (Netgear Switch) #show logging traplogs : 1 Multiple Users: Unit: 0 Slot: 3 Port: 1 Syslog 444 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 445
M4300-96X Fully Managed Switches Local Browser Interface: Show Logging Trap Logs Select Monitoring > Logs > Trap Logs. A screen similar to the following displays. Show Logging Hosts The example is shown as CLI commands and as a local browser interface procedure. CLI: Show Logging Hosts (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 446
and M4300-96X Configure Logging for the Port (Netgear Switch) #config (Netgear Switch) (Config)#logging ? Host Syslog Configuration. (Netgear Switch) (Config)#logging reconfigure Logging Host Reconfiguration remove Logging Host Removal (Netgear Switch) (Config)#logging host 192.168.21. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 447
M4300-96X Fully Managed Switches (Netgear Switch) (Config)#logging host 192.168.21.253 4 ? Press Enter to execute the command. Enter Logging Severity Level (emergency|0, alert|1, critical|2, error|3, warning|4, notice|5, info|6, debug|7). (Netgear Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 448
Series and M4300-96X Fully Managed Switches Email Alerting Email alerting is an extension of the logging system. The logging system allows you to ignored and all log messages that were not sent previously are immediately forwarded to the SMTP server. Syslog 448 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 449
Series and M4300-96X Fully Managed Switches CLI: Send Log Messages to [email protected] Using Account [email protected] 1. Configure an SMTP server, for example, smtp.netgear.com. Before you configure the SMTP server, you need to have an account on SMTP server. (Netgear Switch) (Config)#mail-server - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 450
describes the concepts and recommended operating procedures to manage NETGEAR stackable managed switches that are running release 12.0 to a Different Unit Note: On model M4300-96X in which an APM402XL port card is installed, the APM402XL port card supports stacking over 40G ports only (that is, - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 451
M4300 Series and M4300-96X Fully Managed Switches Switch Stack Management and Connectivity You manage the switch stack through the stack master. You shows an example of switches that are interconnected to form a stack. Figure 49. Stacked switches Switch Stacks 451 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 452
M4300 Series and M4300-96X Fully Managed Switches Stack Master currently the stack master 2. The switch with the highest stack member priority value Note: NETGEAR recommends assigning the highest priority value to the switch that you prefer to be the stack Stacks 452 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 453
and M4300-96X of-the-box switch (one that did not join a switch stack or was not manually assigned a stack member number) ships with a default stack member number of 1. When models include a Hardware Installation Guide with information about rack mounting and stack cabling. Switch - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 454
M4300-24X - M4300-24XF - M4300-48X - M4300-48XF • 10G modular chassis model: - M4300-96X Install a Switch Stack To install a switch stack: 1. Install the switches in a rack. 2. Install all stacking cables, including the redundant stack link. NETGEAR Switch Stacks 454 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 455
M4300 Series and M4300-96X Fully Managed Switches This ensures that the second switch comes up as a , the output of the show switch command shows a code (firmware) mismatch error. Note: NETGEAR recommends that you schedule the firmware upgrade when there is no excessive network traffic (such as - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 456
Series and M4300-96X Fully Managed Switches To download new firmware to the master switch and other switches in the stack: 1. Using TFTP or to the master. This saved configuration is automatically propagated to all members of the stack. Switch Stacks 456 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 457
Series and M4300-96X Fully Managed Switches Local Browser Interface: Copy Master Firmware to a Stack Member 1. Select Maintenance > File Management > Copy. A screen 458 • Local Browser Interface: Copy Master Firmware to a Stack Member on page 457 Switch Stacks 457 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 458
M4300 Series and M4300-96X Fully Managed Switches CLI: Configure the 10G Copper Ports as Stack Ports 1. On Switch A, configure the stack port and reboot the switch. (Netgear Switch) #show stack-port Link Down 10 2 0/28 Stack Stack Link Down 10 Switch Stacks 458 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 459
M4300 Series and M4300-96X Fully Managed Switches 3. On Switch B, configure the stack port and reboot the switch. (Netgear Switch) #show stack-port Configured Running Stack Stack Link Link Unit Interface 1 0/28 Stack Stack Link Down 10 Switch Stacks 459 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 460
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure the 10G Copper Ports as Stack Ports 1. On Switch A, Select System > Stacking > Advanced > Stack Port Configuration. A screen similar to the following displays. Switch Stacks 460 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 461
Series and M4300-96X Fully Managed Switches b. Scroll down and select the 1/0/28 check box. c. In the Configured Stack Mode menu, select Stack. the redundant stack connection is functional. All stack members must be connected in a logical ring. Switch Stacks 461 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 462
Series and M4300-96X Fully Managed Switches 2. Preconfigure any new switches. 3. Power off all new switches that must join the stack. CAUTION: If you members must be connected in a logical ring. 2. Power down the switch that you want to remove. Switch Stacks 462 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 463
Series and M4300-96X Fully Managed Switches CAUTION: If the switch stack is not cabled correctly, removing powered-on stack members might cause Cable the new switch, following the established order of stacking cables. 7. Power up the new switch. Switch Stacks 463 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 464
Series and M4300-96X Fully Managed Switches Verify, by switch stacks determined by existing stack through the stack ports. masters. Note: NETGEAR does not recommend this scenario. Only one of the stack masters becomes the stack master. Switch Stacks 464 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 465
Series and M4300-96X Fully Managed Switches Table 3. Switch stack master 1. Issue the member unit-id switchindex command. 2. To view the supported unit types, use the show supported switchtype command. 3. Configure the unit that you defined in Step 1, Stacks 465 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 466
M4300 Series and M4300-96X Fully Managed Switches When you ports joined before you issue a next command. • If specific numbering is required, NETGEAR recommends that you assign stack members their numbers when they are first installed and configured in Stacks 466 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 467
M4300 Series and M4300-96X Fully Managed Switches • If you need to reassign multiple existing stack unit numbers, the configuration could become mismatched. To avoid this situation, NETGEAR recommends that you power ID of the stacking member is 2. Switch Stacks 467 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 468
Series and M4300-96X Fully Managed Switches a different unit number, issue the following CLI command: (Netgear Switch) (Config)#stack (Netgear Switch) (Config-stack)#movemanagement 1 2 Local Browser Interface: Move 2. A warning window displays. Switch Stacks 468 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 469
Series and M4300-96X Fully Managed Switches 3. Click the OK button. 4. Click Apply to save the settings. Note: If the master receives its IP address a different unit, its IP address might change and you could lose the connection to the switch. Switch Stacks 469 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 470
22 SNMP: Simple Network Management Protocol This chapter includes the following sections: • Add a New Community • Enable SNMP Trap • SNMP Version 3 • sFlow • Time-Based Sampling of Counters with sFlow 470 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 471
and M4300-96X Fully Managed Switches Add a New Community The example is shown as CLI commands and as a local browser interface procedure. CLI: Add a New Community (Netgear switch) #config (Netgear switch 6. In the Status field, select Enable. 7. Click Add. SNMP 471 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 472
M4300-96X Fully Managed Switches Enable SNMP Trap The example is shown as CLI commands and as a local browser interface procedure. CLI: Enable SNMP Trap This example shows how to send SNMP trap to the SNMP server. (Netgear switch) #config (Netgear . SNMP 472 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 473
M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Link Up/Down, select the Enable radio button. c. Click Apply. SNMP Version 3 The example is shown as CLI commands and as a local browser interface procedure. CLI: Configure SNMPv3 (Netgear Switch) #config (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 474
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure SNMPv3 1. Change the user password. If you set the authentication mode the DES radio button. e. In the Encryption Key field, enter 12345678. f. Click Apply to save the settings. SNMP 474 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 475
Series and M4300-96X Fully Managed Switches sFlow sFlow is the standard for monitoring high-speed switched and routed networks. sFlow technology IP address: 192.168.10.2 Figure 51. sFlow Uplink interface 1/0/24 Switch or router Interface 1/0/3 PC SNMP 475 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 476
M4300 Series and M4300-96X Fully Managed Switches CLI: Configure Statistical Packet-Based Sampling of Packet Flows with sFlow 1. Configure the sFlow receiver (sFlow collector) IP address. In this example, sFlow samples will be sent to the destination address 192.168.10.2. (Netgear (Netgear (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 477
Series and M4300-96X Fully Managed Switches 5. View the sampling port configurations. (Netgear Switch) #show sflow samplers Sampler Receiver Packet Data Source Index size. a. Select Monitoring > sFlow > Advanced > sFlow Interface Configuration. SNMP 477 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 478
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Select the Interface for all the ports to be polled. (Netgear Switch) (Config)# interface 1/0/1 (Netgear Switch) (Interface 1/0/1)# sflow poller 1 (Netgear Switch) (Interface 1/0/1)# sflow poller interval 300 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 479
Series and M4300-96X Fully Managed Switches 2. View the polling port configurations. (Netgear Switch) #show sflow pollers Poller Receiver Data Source Index ----------- --------- enter 300. A screen similar to the following displays. 4. Click Apply. SNMP 479 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 480
23 DNS: Domain Name System This chapter includes the following sections: • Domain Name System Concepts • Specify Two DNS Servers • Manually Add a Host Name and an IP Address 480 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 481
M4300 Netgear Switch)#config (Netgear Switch) (Config)#ip name-server 12.7.210.170 219.141.140.10 (Netgear Switch) (Config)#ip domain-lookup (Netgear Switch) (Config)#exit (Netgear Switch)#ping www.netgear.com Send count=3, Receive count=3 from 206.82.202.46 DNS 481 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 482
Series and M4300-96X Fully Managed Switches Local Browser Interface: Specify Two Manually Add a Host Name and an IP Address (Netgear Switch)#config (Netgear Switch) (Config)#ip host www.netgear.com 206.82.202.46 (Netgear Switch) (Config)#ip domain-lookup (Netgear Switch) (Config)#ping www.netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 483
Local Browser Interface: Manually Add a Host Name and an IP Address 1. Select System > Management > DNS > Host Configuration. A screen similar to the following displays. 2. Under DNS Host Configuration, enter the following information: • In the Host Name field, enter www.netgear.com. • In the - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 484
24 DHCP Server: Dynamic Host Configuration Protocol Server This chapter includes the following sections: • Dynamic Host Configuration Protocol Concepts • Configure a DHCP Server in Dynamic Mode • Configure a DHCP Server that Assigns a Fixed IP Address 484 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 485
Switch) (Interface-vlan 200)#ip address 192.168.100.1 255.255.255.0 (Netgear Switch) #config (Netgear Switch) (Config)#service dhcp (Netgear Switch) (Config)#ip dhcp pool pool_dynamic (Netgear Switch) (Config)#network 192.168.100.0 255.255.255.0 Note: If there is no DHCP L3 relay between client - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 486
M4300 Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure a DHCP Server in Dynamic Mode 1. Create VLAN 200. a. Select Switching > VLAN > Basic packet is untagged for the port. e. Click Apply. 3. Assign PVID to the VLAN 200. DHCP Server 486 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 487
Series and M4300-96X Fully to save the settings. 4. Create a new DHCP pool. a. Select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays. c. Click Apply to enable the DHCP service. d. Select System > Services > DHCP Server > DHCP Pool Configuration - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 488
Series and M4300-96X Fully Managed Switches e. Under DHCP Pool (Netgear Switch)#config (Netgear Switch) (Config)#service dhcp (Netgear Switch) (Config)#ip dhcp pool pool_manual (Netgear Switch) (Config-dhcp-pool)#client-name dhcpclient (Netgear Switch DHCP Server 488 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 489
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure a DHCP Server that Assigns a Fixed IP Address 1. Select System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following displays. 2. For Admin Mode, select the Enable radio button. 3. Click - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 490
Series and M4300-96X Fully Managed Switches • In the Hardware Type list, select ethernet. • In the Host Number field, enter 192.168.200.1. • In the Days field, enter 1. 6. Click Add. The pool_manual name is now added to the Pool Name drop-down list. DHCP Server 490 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 491
25 DHCPv6 Server: Dynamic Host Configuration Protocol version 6 Server This chapter includes the following sections: • Dynamic Host Configuration Protocol Version 6 Concepts • CLI: Configure DHCPv6 Prefix Delegation • Local Browser Interface: Configure DHCPv6 Prefix Delegation • Configure a - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 492
IPv6 addresses statefully and distribute other configuration information such as domain name or DNS server. DHCPv6 supports stateful address allocation, prefix delegation, and stateless services. This chapter describes how to configure the prefix delegation mode using a DHCPv6 pool. When you create - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 493
)#ipv6 unicast routing 2. Create a DHCPv6 pool and enable DHCP service. (NETGEAR SWITCH) (Config)#service dhcpv6 (NETGEAR SWITCH) (Config)#ipv6 dhcp pool pool1 (NETGEAR SWITCH) (Config dhcp6 pool)#domain name netgear.com (NETGEAR SWITCH) (Config dhcp6s pool)#prefix delegation 2001:1::/64 00:01 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 494
M4300 Series and M4300-96X Fully Managed Switches 3. Enable DHCPv6 service on port 1/0/9. (NETGEAR SWITCH) (Config)#interface 1/0/9 (NETGEAR SWITCH) (Interface 1/0/9)#routing (NETGEAR SWITCH) (Interface 1/0/9)#ipv6 address 2001:1::1/64 (NETGEAR SWITCH) (Interface 1/0/9)#ipv6 enable (NETGEAR Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 495
Series and M4300-96X Fully Managed Switches 2. Enable IPv6 unicast globally. a. Select Routing > IPv6 > Basic > Global Configuration. A screen 4. Configure the prefix on interface 1/0/9. a. Select Routing > IPv6 > Advanced > Prefix Configuration. DHCPv6 Server 495 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 496
Series and M4300-96X Fully Managed created. 5. Enable the DHCPv6 server configuration. a. Select System > Services > DHCPv6 Server > DHCPv6 Server Configuration. A screen similar to named pool1. a. Select System > Services > DHCP Server > DHCPv6 Pool Configuration. DHCPv6 Server 496 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 497
M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Pool Name list, select Create. c. In the Pool Name field, enter pool1. d. Click Apply to save the settings. 7. Configure the prefix in the pool1. a. Select System > Services > Services > DHCPv6 Server - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 498
Series and M4300-96X Fully Managed server to clients that receive an IPv6 address in autoconfiguration mode or manual mode. The configured DHCP pool does not contain a prefix pool but 1. Enable IPv6 routing. (Netgear Switch) (Config)#ipv6 unicast-routing DHCPv6 Server 498 Software - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 499
M4300-96X Fully Managed Switches 2. Create an IPv6 pool with a DNS server and enable the DHCPv6 service. (Netgear Switch) (Config)#ipv6 dhcp pool ipv6_server (Netgear Switch) (Config-dhcp6s-pool)#dns-server 2011:9:18::1 (Netgear Switch) (Config-dhcp6s-pool)#exit (Netgear Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 500
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. enter 64. e. In the EUI64 field, select Disable. f. Click Add. 4. Enable DHCPv6 service. a. Select System > Services > DHCPv6 Server > DHCPv6 Server Configuration. DHCPv6 Server 500 Software Administration - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 501
M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply to save the settings. 5. Create a DHCPv6 pool. a. Select System > Services Select System > Services > DHCPv6 Server > DHCPv6 Interface Configuration. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 502
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Select the that functions in stateful mode. CLI: Configure a Stateful DHCPv6 Server 1. Enable IPv6 routing. (Netgear Switch) (Config)#ipv6 unicast-routing DHCPv6 Server 502 Software Administration - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 503
M4300 Series and M4300-96X Fully Managed Switches 2. Create an IPv6 pool with a DNS server and enable the DHCPv6 service. (Netgear Switch) (Config)#ipv6 dhcp pool ipv6_server (Netgear Switch) (Config-dhcp6s-pool)#address prefix 2001:1:2::/64 (Netgear Switch) (Config-dhcp6s-pool)#exit (Netgear Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 504
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. 64. e. In the EUI64 field, select Disable. f. Click Add. 4. Enable the DHCPv6 service. a. Select System > Services > DHCPv6 Server > DHCPv6 Server Configuration. DHCPv6 Server 504 Software Administration - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 505
M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply to save the settings. 5. Create the DHCPv6 pool. a. Select System > Services pool. a. Select System > Services > DHCPv6 Prefix Delegation Configuration > - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 506
M4300-96X Fully Managed Switches A screen similar to the following displays. b. In Pool Name list, select ipv6_server. c. In the Prefix field, enter 2001:1:2::. d. In the Prefix Length field, enter 64. e. Click Add. 7. Enable the DHCPv6 pool on interface 1/0/1. a. Select System > Services Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 507
and M4300-96X service dhcpv6 (Netgear Switch) (Config)#ipv6 dhcp pool pool1 (Netgear Switch) (Config-dhcp6s-pool)#domain-name netgear.com (Netgear Switch) (Config-dhcp6s-pool)#address prefix 2001:2::/64 (Netgear Switch) (Config-dhcp6s-pool)#exit DHCPv6 Server 507 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 508
M4300 Series and M4300-96X Fully Managed Switches 3. Enable DHCPv6 service on VLAN 1. (Netgear Switch) (Config)#interface vlan 1 (Netgear Switch) (Interface vlan 1)#ipv6 address 2001:1::1/64 (Netgear Switch) (Interface vlan 1)#ipv6 enable (Netgear Switch) (Interface vlan 1)#ipv6 dhcp server pool1 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 509
Switch) (Interface 1/0/19)#vlan participation include 2 (Netgear Switch) (Interface 1/0/19)#ipv6 enable (Netgear Switch) (Interface 1/0/19)#exit 4. Enable DHCPv6. (Netgear Switch) (Config)#service dhcpv6 5. Display the DHCPv6 binding information. (Netgear Switch) #show ipv6 dhcp binding Total number - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 510
26 DVLANs and Private VLANs: Double VLANs and private VLAN groups This chapter includes the following sections: • Double VLANs • Private VLAN Groups 510 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 511
M4300-96X Fully Managed Switches Double VLANs This section describes how to enable the double DVLAN feature. Double VLANs pass traffic from one customer domain to another through the metro core. Custom VLAN IDs are preserved and a provider service and a service provider the NETGEAR the NETGEAR switch - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 512
Series and M4300-96X Fully Managed Switches CLI: Enable a Double VLAN Create a VLAN 200. (Netgear Switch)#vlan database (Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#exit Add interface 1/0/24 to VLAN 200, add pvid 200 to port. (Netgear Switch) #config (Netgear Switch) (Config)#interface - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 513
Series and M4300-96X Fully Managed Switches b. Under VLAN Configuration, enter the following information: • In the VLAN ID field, enter 200. • In the VLAN Name the Interface field at the top. c. In the PVID (1 to 4093) field, enter 200. DVLANs and Private VLANs 513 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 514
Series and M4300-96X Fully Managed Switches d. Click Apply to save the settings. 4. Configure port 48 as the provider service port: a. Select Switching > VLAN > Advanced > Port DVLAN Configuration. A screen Apply to save the settings. DVLANs and Private VLANs 514 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 515
M4300 Series and M4300-96X Fully Managed Switches Private VLAN Groups The private VLAN group allows you to create groups of users within a Port 1/0/16 Group 1 Group 2 Figure 55. Private VLAN groups in community mode and isolated mode DVLANs and Private VLANs 515 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 516
and M4300-96X Fully Managed Switches CLI: Create a Private VLAN Group 1. Enter the following commands. (Netgear Switch) # (Netgear Switch) #vlan data (Netgear Switch) (Vlan)#vlan 200 (Netgear Switch) (Vlan)#exit (Netgear Switch) #config (Netgear Switch) (Config)#interface 1/0/6 (Netgear Switch - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 517
M4300-96X Fully Managed Switches 5. Add 1/0/16 and 1/0/7 to the private group 1. (Netgear Switch) (Config)#interface range 1/0/16-1/0/17 (Netgear Switch) (conf-if-range-1/0/16-1/0/17)#switchport private-group 2 6. Add 1/0/16 and 1/0/7 to the private group 2. (Netgear Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 518
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under VLAN Membership, in the VLAN ID list, Security > Traffic Control > Private Group VLAN > Private Group VLAN > Private Group Configuration. DVLANs and Private VLANs 518 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 519
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Group Name field, enter group1. c. , group2. a. Select Security > Traffic Control > Private Group VLAN > Private Group Configuration. DVLANs and Private VLANs 519 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 520
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Group Name field, enter group2. c. In the Group ID field under ports 16 and 17, and a check mark displays in each box. e. Click Apply. DVLANs and Private VLANs 520 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 521
27 STP Spanning Tree Protocol This chapter includes the following sections: • Spanning Tree Protocol Concepts • Configure Classic STP (802.1d) • Configure Rapid STP (802.1w) • Configure Multiple STP (802.1s) • Configure PVSTP and PVRSTP 521 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 522
to support a Netgear switch) (Interface 1/0/3)# spanning-tree port mode Local Browser Interface: Configure Classic STP (802.1d) 1. Enable 802.1d on the switch. a. Select Switching > STP > STP Configuration. A screen similar to the following displays. STP 522 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 523
M4300 Series and M4300-96X Fully Managed Switches b. Enter the following information: • For Spanning Tree . CLI: Configure Rapid STP (802.1w) (Netgear switch) (Config)# spanning-tree (Netgear switch) (Config)# spanning-tree mode rstp (Netgear switch) (Interface 1/0/3)# spanning-tree port mode STP - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 524
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure Rapid STP (802.1w) 1. Enable 802.1w on the switch: a. Select Switching > STP appears in the Interface field at the top. c. In the Port Mode field, select Enable. d. Click Apply. STP 524 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 525
M4300 Series and M4300-96X Fully Managed Switches Configure Multiple STP (802.1s) The example is shown as CLI commands and as a local browser interface procedure. CLI: Configure Multiple STP (802.1s) (Netgear switch) (Config)# spanning-tree (Netgear switch) (Config)# spanning-tree mode mst (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 526
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure Multiple STP (802.1s) 1. Enable 802.1s on the switch. a. Select Switching > STP field, enter 4096. • In the VLAN Id field, enter 2. • Click Add. • In the VLAN Id field, enter 3. STP 526 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 527
Series and M4300-96X Fully Managed Switches • Click Apply. c. Configure MST ID 2. • In the MST ID field, enter 2. • In the Priority field, enter 4096. • that are configured for PVRSTP. PVRSTP is equivalent to Cisco's RPVST+ and can interoperate with it. STP 527 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 528
Series and M4300-96X Fully Managed Switches Per VLAN Spanning Tree communicate with a switch that runs an IEEE standard spanning tree protocol. PVRSTP embeds support for the FastUplink feature to speed up the selection of a new root and the the designated STP 528 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 529
and M4300- Switch 1 and Switch 2. This example assumes that all switches can support PVSTP. CLI: Configure PVSTP on Switch 1 1. Ensure that ports PVSTP are transmitted in tagged packets. 2. Enable PVSTP. (Netgear Switch) #config (Netgear Switch) (Config)#spanning-tree mode pvst Note: After you - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 530
M4300-96X Fully Managed Switches 3. Verify the PVSTP status. (Netgear . (Netgear Switch) (Config)#spanning-tree uplinkfast (Netgear Switch , set the PVSTP priority to 0. (Netgear Switch) (Config)#spanning-tree vlan 1000 Netgear Switch) #config (Netgear Switch) (Config)#spanning- - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 531
M4300 Series and M4300-96X Fully Managed Switches 3. Verify the PVSTP status. (Netgear Netgear Switch) (Config)#spanning-tree backbonefast Local Browser Interface: Configure PVSTP You must configure PVSTP on Switch 1 and Switch 2. This example assumes that all switches can support Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 532
Series and M4300-96X Fully Managed Switches b. Configure the following settings: • For Spanning Tree Admin Mode, select the Enable radio button. VLAN 1002. a. Select Switching > STP > Advanced > PVST Interface. A screen similar to the following displays. STP 532 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 533
Series and M4300-96X Fully Managed Switches b. From the VLAN ID menu, select 1002. The roles of ports 1/0/1 and 1/0/2 display. 4. To enable the switch to be box for VLAN ID 1002. The settings for VLAN ID 1002 display in the fields in the table heading. STP 533 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 534
Series and M4300-96X Fully Managed Switches c. In the Priority field, enter 0. d. Click Apply. Local Browser Interface: Configure PVSTP on Switch 2 1. 1002. a. Select Switching > STP > Advanced > PVST Interface. A screen similar to the following displays. STP 534 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 535
M4300 Series and M4300-96X Fully Managed Switches b. From the VLAN ID menu, select 1002. The roles of ports 1/0/1 and 1/0/2 display. STP 535 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 536
28 Tunnels for IPv6 6in4 tunnels and 6to4 tunnels This chapter includes the following sections: • Tunnel Concepts • Create a 6in4 Tunnel • Create a 6to4 Tunnel 536 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 537
Series and M4300-96X Fully Managed Switches is derived from the 6to4 IPv6 address of the tunnel's next hop. A 6to4 tunnel supports the functionality of a 6to4 border router that connects a 6to4 site to a 6to4 domain 6in4 tunnel configuration Tunnels for IPv6 537 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 538
M4300-96X Fully Managed Switches CLI: Create a 6in4 Tunnel You must configure Switch 1 and Switch 2. CLI: Create a 6in4 Tunnel on Switch 1 (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear size 1280 bytes (Netgear Switch) #show - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 539
M4300 Series and M4300-96X Fully Managed Switches CLI: Create a 6in4 Tunnel on Switch 2 (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) (Config)#interface 1/0/13 (Netgear Switch) (Interface 1/0/13)#routing (Netgear Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 540
Series and M4300-96X Fully Managed Switches a. Select Routing > IPv6 > Basic > Global Configuration. A screen similar to the following displays. . 4. Create a 6-in-4 tunnel interface. a. Select Routing > IPv6 > Advanced > Tunnel Configuration. Tunnels for IPv6 540 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 541
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Tunnel ID list, select 0. c. In the Mode forwarding and unicast routing on the switch. a. Select Routing > IPv6 > Basic > Global Configuration. Tunnels for IPv6 541 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 542
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable Click Apply. 4. Create a 6-in-4 tunnel interface. a. Select Routing > IPv6 > Advanced > Tunnel Configuration. Tunnels for IPv6 542 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 543
M4300 Series and M4300 prefix 2002:V4ADDR::/48. A NETGEAR switch behaves as a 6to4 Switch 3). This means the following: The NETGEAR switch forwards traffic from an IPv6 domain ( 2 and Switch 3). The NETGEAR switch forwards traffic from one 1 and Switch 2). The NETGEAR switch does not forward traffic - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 544
Series and M4300-96X Fully on Switch 1. (Netgear Switch) # config (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) (Config Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 195.1.3.2 255.255.255.0 (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 545
M4300 Series and M4300-96X Fully Managed Switches 3. Configure the IPv6 address on the 6to4 tunnel in the format 2002:V4ADDR::Host/16, in which V4ADDR is the source IPv4 address of the tunnel. The prefix length for the tunnel must be 16. (Netgear Switch) (Config)#interface tunnel 0 (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 546
Series and M4300-96X Fully Managed Switches 7. Verify the configuration. (Netgear Switch) #show ipv6 route IPv6 Routing Table - 5 entries Codes: C and IPv6 routing on Switch 2. (Netgear Switch) # config (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) (Config)#ip routing 2. Configure - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 547
and M4300-96X Fully Managed Switches 4. Configure the IPv6 address for routing port 2/0/3. The IPv6 address format is 2002:V4ADDR:Subnet::Host/64, in which V4ADDR is the source IPv4 address of the tunnel and Subnet is the subnet of 2002:V4ADDR::/64. (Netgear Switch) (Config)#interface 2/0/3 (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 548
M4300 Series and M4300-96X Fully Managed Switches 3. Configure the IPv6 address on the 6to4 tunnel in the format 2002:V4ADDR::Host/16, in which V4ADDR is the source IPv4 address of the tunnel. The prefix length for the tunnel must be 16. (Netgear Switch) (Config)#interface tunnel 0 (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 549
Series and M4300-96X Fully Managed Switches Local Browser Interface: Create a 6to4 Tunnel You must configure Switch1, Switch2, and Switch 3. Local Browser Interface: c. Click Apply. 3. Create a routing interface and assign an IP address to it. Tunnels for IPv6 549 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 550
Series and M4300-96X Fully Managed Switches a. Select Routing > IP > Advanced > IP Interface the table heading. c. Configure the following settings: • In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 195.1.3.2. • In the Subnet Mask field, enter 255. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 551
Series and M4300-96X Fully Managed Switches The settings for port 1/0/3 display in the fields in the table heading. c. Configure interface. a. Select Routing > IPv6 > Advanced > Tunnel Configuration. A screen similar to the following displays. Tunnels for IPv6 551 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 552
Series and M4300-96X Fully Managed Switches b. Configure the following tunnel settings: • In the Tunnel ID field, select 0. • In the Mode field, select 6-to Prefix Length field, enter 16. • In the Next Hop IPv6 Address Type field, select Global. Tunnels for IPv6 552 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 553
Series and M4300-96X Fully Managed Switches • In the Next Hop IPv6 Address field, enter 2002:c301:502::1. c. Click Add. 8. Create a static route for field, enter 255.255.255.0. • In the Next Hop Address field, enter 195.1.3.1. c. Click Add. Tunnels for IPv6 553 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 554
Series and M4300-96X Fully Managed Switches Local Browser Interface: Create a 6to4 Tunnel on Switch 2 1. Enable IP routing on Switch 2. a. Select Routing > > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. Tunnels for IPv6 554 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 555
M4300 Series and M4300-96X Fully Managed Switches b. Above the table heading, Under IP Interface the table heading. d. Configure the following settings: • In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 195.1.4.2. • In the Subnet Mask field, enter 255. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 556
Series and M4300-96X Fully Managed Switches d. Configure the following settings: • In the IPv6 Mode field, select Enable. • In the Routing . a. Select Routing > IPv6 > Advanced > Tunnel Configuration. A screen similar to the following displays. Tunnels for IPv6 556 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 557
Series and M4300-96X Fully Managed Switches b. Configure the following tunnel settings: • In the Tunnel ID field, select 0. • In the Mode field, on Switch 3 1. Enable IP routing on Switch 3. a. Select Routing > IP > Basic > IP Configuration. Tunnels for IPv6 557 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 558
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. Tunnels for IPv6 558 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 559
M4300 Series and M4300-96X Fully Managed Switches b. Above the table heading, Under IP Interface the table heading. d. Configure the following settings: • In the IP Address Configuration Method field, select Manual. • In the IP Address field, enter 195.1.5.2. • In the Subnet Mask field, enter 255. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 560
Series and M4300-96X Fully Managed Switches 5. Configure the IPv6 address for the IPv6 routing interface 2/0/24. a. Select Routing > IPv6 > Advanced > Prefix select Enable. • In the IPv6 Address/Prefix Length field, enter 2002:c301:402::1/16. Tunnels for IPv6 560 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 561
Series and M4300-96X Fully Managed Switches • In the EUI64 field, select Disable. • In the Source Address field, enter 195.1.4.2. c. Click Add. d. Configure , enter 255.255.255.0. • In the Next Hop Address field, enter 195.1.5.1. c. Click Add. Tunnels for IPv6 561 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 562
29 IPv6 Interface Configuration IPv6 routing and routing VLANs This chapter includes the following sections: • Create an IPv6 Routing Interface • Create an IPv6 Routing VLAN • Configure DHCPv6 Mode on the Routing Interface 562 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 563
and M4300-96X Fully Managed Switches Create an IPv6 Routing Interface The example is shown as CLI commands and as a local browser interface procedure. CLI: Create an IPv6 Routing Interface 1. Enable IPv6 forwarding and unicast routing on the switch. (Netgear Switch) (Config)#ipv6 forwarding (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 564
Series and M4300-96X Fully Managed Switches (Netgear Switch) #show ipv6 interface 1/0/1 IPv6 is enabled IPv6 Prefix is FE80::21E:2AFF: IPv6 routing on interface 1/0/1. a. Select Routing > IPv6 > Advanced > Interface Configuration. IPv6 Interface Configuration 564 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 565
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under IPv6 Interface Configuration, scroll down and select the Length field, enter 64. e. In the EUI64 field, select Disable. f. Click Add. IPv6 Interface Configuration 565 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 566
Switch) (Config)#interface vlan 0/4/1 (Netgear Switch) (Interface 0/4/1)#routing (Netgear Switch) (Interface 0/4/1)#ipv6 enable (Netgear Switch) (Interface 0/4/1)#ipv6 address 2000::1/64 (Netgear Switch) (Interface 0/4/1)#exit IPv6 Interface Configuration 566 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 567
and M4300-96X Fully Managed Switches 4. Enable IPv6 forwarding and unicast routing on the switch. (Netgear Switch) (Config)#ipv6 forwarding (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) Autonomous Flag Enabled IPv6 Interface Configuration 567 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 568
Series and M4300-96X Fully Managed Switches Local Browser Interface: Create an IPv6 VLAN Routing Interface 1. Create VLAN 500. a. Select Switching > VLAN > is untagged for the port. e. Click Apply. 3. Specify the PVID on port 1/0/1. IPv6 Interface Configuration 568 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 569
Series and M4300-96X Fully Managed Switches a. Select Switching > VLAN > Advanced > Port PVID Configuration. A screen similar to the following b. Click VLANS. The logical VLAN interface 0/4/2 displays. c. Select the 0/4/2 check box. IPv6 Interface Configuration 569 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 570
Series and M4300-96X Fully Managed Switches d. Under IPv6 Interface Configuration, in the IPv6 , select Disable. f. Click Add. Configure DHCPv6 Mode on the Routing Interface The routing interface supports DHCPv6 mode, which can get the IPv6 address from a DHCPv6 server (address allocation). Note: - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 571
M4300-96X Fully Managed Switches CLI: Configure DHCPv6 mode on routing interface 1. Enable IPv6 unicast globally. (Netgear Switch) (Config)#ipv6 unicast-routing 2. Enable DHCPv6 on the interface 1/0/23. (Netgear Switch) (Config)#interface 1/0/23 (Netgear Switch) (Interface 1/0/23)#routing (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 572
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure DHCPv6 mode on routing interface 1. Enable IPv6 unicast globally. a. assigned from 1/0/23. a. Select Routing > IPv6 > Advanced > Prefix Configuration. IPv6 Interface Configuration 572 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 573
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/23. You can see the IPv6 address assigned by the DHCPv6 server. IPv6 Interface Configuration 573 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 574
30 PIM Protocol Independent Multicast This chapter includes the following sections: • Protocol Independent Multicast Concepts • PIM-DM • PIM-SM 574 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 575
Series and M4300-96X Fully Managed Switches Protocol Independent Multicast Concepts The PIM protocol can be configured to operate on IPv4 and to many receivers (due to frequent flooding) • High volume of multicast traffic • Constant stream of traffic PIM 575 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 576
Subnet 192.168.4.0/24 Subnet 192.168.2.0/24 Subnet 192.168.1.0/24 Subnet 192.168.5.0/24 M4300 Series and M4300-96X Fully Managed Switches Source IP 192.168.1.1 Switch A Port 1/0/13 Port 1/0/1 Port 1/0/9 Port and is propagated throughout the network. When PIM 576 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 577
M4300 on the switch. (Netgear Switch) #configure (Netgear Switch) (Config)#ip routing 2. Enable pimdm on the switch. (Netgear Switch) (Config)#ip Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.2.2 (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 578
M4300 Series and M4300-96X Fully Managed Switches 5. Enable PIM-DM on the interface. (Netgear Switch) (Interface 1/0/1)#ip pim (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/9 (Netgear Switch) (Interface 1/0/9)#routing (Netgear Switch) (Interface 1/0/9)#ip address - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 579
M4300 Series and M4300-96X Fully Managed Switches PIM-DM on Switch C (Netgear Switch) #configure (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip pim dense (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#interface 1/0/21 (Netgear Switch) (Interface 1/0/21)#routing - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 580
M4300 Series and M4300-96X Fully Managed Switches 2. Enable IGMP on port 1/0/24. (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#routing (Netgear Switch) (Interface 1/0/24)#ip pim (Netgear Switch) (Interface 1/0/24)#ip igmp (Netgear 580 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 581
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure PIM-DM PIM-DM on Switch A 1. Enable IP routing on the switch. a. a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. PIM 581 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 582
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/9 check box. Now 1/0/9 appears .1.2. • In the Subnet Mask field, enter 255.255.255.0. • In the Routing Mode field, select Enable. PIM 582 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 583
Series and M4300-96X Fully Managed Switches d. Click Apply to save the settings. 5. Enable RIP on the interface 1/0/1. a. Select Routing > RIP > d. Click Apply. 7. Enable RIP on interface 1/0/13. a. Select Routing > RIP > Advanced > Interface Configuration. PIM 583 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 584
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/13. c. For RIP button. c. Click Apply. 9. Enable PIM-DM globally. a. Select Routing > Multicast > PIM > Global Configuration. PIM 584 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 585
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For PIM Protocol Type, select the PIM-DM radio button. c. PIM-DM on Switch B: 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP Configuration. PIM 585 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 586
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click a. Select Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. PIM 586 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 587
Series and M4300-96X Fully Managed Switches b. Under IP Interface Configuration, scroll down and select the Port 1/0/11 check box. > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface list, select 1/0/11. PIM 587 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 588
M4300 Series and M4300-96X Fully Managed Switches c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. 6. Enable multicast globally. a. PIM-SM on interfaces 1/0/10 and 1/0/11. a. Select Routing > Multicast > PIM > Interface Configuration. PIM 588 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 589
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/10 Configuration. A screen similar to the following displays. b. Scroll down select the Port 1/0/21 check box. PIM 589 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 590
Series and M4300-96X Fully Managed Switches Now 1/0/21 appears in the Interface field at the top. c. Enter the following information: • In the IP 21. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. 5. Enable RIP on interface 1/0/22. PIM 590 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 591
Series and M4300-96X Fully Managed Switches a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In c. Click Apply. 7. Enable PIM-DM globally. a. Select Routing > Multicast > PIM > Global Configuration. PIM 591 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 592
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For PIM Protocol Type, select the PIM-DM radio button on the switch. a. Select Routing > IP > Basic > IP Configuration. A screen similar to the following displays. PIM 592 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 593
Series and M4300-96X Fully Managed Switches b. For Routing Mode, select the Enable radio button. c. Click Apply. 2. Configure 1/0/21 as a routing port and enter 255.255.255.0. • In the Routing Mode field, select Enable. d. Click Apply to save the settings. PIM 593 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 594
Series and M4300-96X Fully Managed Switches 4. Configure 1/0/24 as a routing port and assign an IP address to it. a. Select Routing > IP > . d. Click Apply. 6. Enable RIP on interface 1/0/22. a. Select Routing > RIP > Advanced > Interface Configuration. PIM 594 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 595
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. For RIP Admin A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. PIM 595 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 596
Series and M4300-96X Fully Managed Switches 9. Enable PIM-DM globally. a. Select Routing > Multicast > PIM > Global Configuration. A screen similar to . a. Select Routing > Multicast > IGMP > Global Configuration. A screen similar to the following displays. PIM 596 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 597
Series and M4300-96X Fully Managed Switches b. For Admin Mode, select the Enable radio button. c. Click Apply. 12. Enable IGMP on interface 1/0/24. a. Select Routing check box. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. PIM 597 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 598
Series and M4300-96X Fully Managed Switches PIM-SM Protocol-independent multicast sparse mode (PIM-SM) is used to efficiently route multicast traffic to RP do not necessarily provide the shortest, most optimal path. In such cases PIM-SM provides a means PIM 598 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 599
M4300 Series and M4300 switch. (Netgear Switch)#configure (Netgear Switch) (Config)#ip routing 2. Enable PIM-SM on the switch. (Netgear Switch) ( Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear Switch) (Interface 1/0/1)#ip address 192.168.2.2 (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 600
Series and M4300-96X Fully Managed Switches (Netgear Switch) (Interface 1/0/1)#ip pim (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/9 (Netgear Switch) (Interface 1/0/9)#routing (Netgear Switch) (Interface 1/0/9)#ip address 192.168.3.1 (Netgear Switch) (Interface - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 601
1/0/22 (Netgear Switch) (Interface 1/0/22)#routing (Netgear Switch) (Interface 1/0/22)#ip address 192.168.6.1 255.255.255.0 (Netgear Switch) (Interface 1/0/22)#ip rip (Netgear Switch) (Interface 1/0/22)#ip pim (Netgear Switch) (Interface 1/0/22)#exit PIM 601 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 602
Series and M4300-96X Fully Managed Switches PIM-SM on Switch D (Netgear Switch)#configure (Netgear Switch) (Config)#ip multicast (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip igmp (Netgear Switch) (Config)#ip pim (Netgear Switch) (Config)#ip pim rp-candidate interface 1/0/22 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 603
Series and M4300-96X Fully Managed Switches PIM-SM builds the multicast route table on each switch. The following tables show the Interface * 225.1.1.1 PIMSM 1/0/22 192.168.1.1 225.1.1.1 PIMSM 1/0/21 Outgoing Interface List 1/0/24 1/0/24 PIM 603 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 604
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure PIM-SM PIM-SM on Switch A 1. Enable IP routing on the switch. a. a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. PIM 604 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 605
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the interface 1/0/9 check box. Now Routing Mode field, select Enable. d. Click Apply to save the settings. 5. Enable RIP on interface 1/0/1. PIM 605 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 606
M4300 Series and M4300-96X Fully Managed Switches a. Select Routing > RIP > Advanced > Interface Configuration. A screen similar to the following displays. b. In the Interface field. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. PIM 606 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 607
Series and M4300-96X Fully Managed Switches 8. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. A screen similar to PIM-SM on interfaces 1/0/1, 1/0/9, and 1/0/13. a. Select Routing > Multicast > PIM > Interface Configuration. PIM 607 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 608
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/1, 1/0/9, and 1/0/ Routing > IP > Advanced > IP Interface Configuration. A screen similar to the following displays. PIM 608 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 609
Series and M4300-96X Fully Managed Switches b. Scroll down and select the interface 1/0/10 check box. Now 1/0/10 appears in the Interface field at In the Interface field, select 1/0/10. c. For RIP Admin Mode, select the Enable radio button. d. Click Apply. PIM 609 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 610
Series and M4300-96X Fully Managed Switches 5. Enable RIP on interface 1/0/11. a. Select Routing > RIP > Advanced > Interface Configuration. A screen . a. Select Routing > Multicast > PIM > Global Configuration. A screen similar to the following displays. PIM 610 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 611
Series and M4300-96X Fully Managed Switches b. For PIM Protocol Type, select the PIM-SM radio button. c. For Admin Mode, select the Enable Add. 10. Set up the BSR candidate configuration. a. Select Routing > Multicast > PIM > BSR Candidate Configuration. PIM 611 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 612
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface list, select the 1/0/10. c. In a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. PIM 612 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 613
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/21 check save the settings. 4. Enable RIP on the interface 1/0/21. a. Select Routing > RIP > Advanced > Interface Configuration. PIM 613 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 614
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface field, select 1/0/21. c. For RIP Admin Mode, displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 7. Enable PIM-SM globally. PIM 614 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 615
M4300 Series and M4300-96X Fully Managed Switches a. Select Routing > Multicast > PIM > Global Configuration. A screen similar to the following settings. 9. Candidate RP Configuration. a. Select Routing > Multicast > PIM > Candidate RP Configuration. PIM 615 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 616
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. In the Group IP field, 1/0/21. c. In the Hash Mask Length field, enter 30. d. In the Priority field, enter 5. e. Click Apply. PIM 616 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 617
Series and M4300-96X Fully Managed Switches PIM-SM on Switch D 1. Enable IP routing on the switch. a. Select Routing > IP > Basic > IP a routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. PIM 617 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 618
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/22 check to save the settings. 5. Enable RIP on interface 1/0/21. a. Select Routing > RIP > Advanced > Interface Configuration. PIM 618 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 619
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/21. c. For Enable radio button. d. Click Apply. 8. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. PIM 619 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 620
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. PIM-SM on interfaces 1/0/21, 1/0/22, and 1/0/24. a. Select Routing > Multicast > PIM > Interface Configuration. PIM 620 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 621
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/21, 1/0/22, Add. 12. Set up BSR Candidate configuration. a. Select Routing > Multicast > PIM > BSR Candidate Configuration. PIM 621 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 622
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface list, select 1/0/22. c. In the Click Apply. 14. Enable IGMP on interface 1/0/24. a. Select Routing > Multicast > IGMP > Interface Configuration. PIM 622 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 623
M4300-96X Fully Managed Switches A screen similar to the following displays. b. Under IGMP Routing Interface Configuration, scroll down and select the Interface 1/0/24 check box. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. PIM 623 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 624
31 DHCP L2 Relay and L3 Relay Dynamic Host Configuration Protocol relays This chapter includes the following sections: • DHCP L2 Relay • DHCP L3 Relay • Configure a DHCP L3 Switch 624 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 625
Series and M4300-96X Fully Managed Switches DHCP L2 Relay DHCP relay agents eliminate used. CLI: Enable DHCP L2 Relay 1. Enter the following commands: (Netgear Switch)#vlan database (Netgear Switch)(Vlan)#vlan 200 (Netgear Switch)(Vlan)#exit DHCP L2 Relay and L3 Relay 625 Software Administration - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 626
Series and M4300-96X Fully Managed Switches 2. Enable the DHCP L2 relay on the switch. (Netgear Switch) (Config)#dhcp l2relay (Netgear Switch) (Config)#dhcp l2relay vlan 200 3. Enable the Option 82 Circuit ID field. (Netgear Switch) (Config)#dhcp l2relay circuit-id vlan 200 4. Enable the Option - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 627
Series and M4300-96X Fully Managed Switches Local Browser Interface: Enable DHCP L2 Relay 1. Create VLAN 200. a. Select Switching > VLAN > ports 1/0/4, 1/0/5 and 1/0/6. a. Select Switching > VLAN > Advanced > Port PVID Configuration. DHCP L2 Relay and L3 Relay 627 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 628
M4300 Series and M4300-96X Fully settings. 4. Enable DHCP L2 relay on VLAN 200. a. Select System > Services > DHCP L2 Relay > DHCP L2 Relay Configuration. A screen similar to Relay on interfaces 1/0/4, 1/0/5, and 1/0/6. a. Select System > Services > DHCP L2 Relay > DHCP L2 Relay Interface Configuration - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 629
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following settings. 6. Enable DHCP L2 relay trust on interface 1/0/6. a. Select System > Services > DHCP L2 Relay > DHCP L2 Relay Interface Configuration. A screen similar to L3 Relay 629 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 630
Series and M4300-96X Fully Managed Switches DHCP L3 Relay This example consists of two steps: • Use a Windows Server operating system to configure a DHCP L3 server the Server Manager. 2. In the menu tree on the left, click Roles. DHCP L2 Relay and L3 Relay 630 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 631
M4300 Series and M4300-96X Fully Managed Switches 3. In the pop-up menu, select Add Roles. The Add Roles Wizard starts. DHCP L2 Relay and L3 Relay 631 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 632
M4300 Series and M4300-96X Fully Managed Switches 4. Click the Next button. 5. Select the DHCP Server check box. 6. Click the Next button. 7. From the menu on the left, select DHCP scopes. DHCP L2 Relay and L3 Relay 632 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 633
M4300 Series and M4300-96X Fully Managed Switches 8. Click the Add button. 9. In the Add Scope pop-up window, enter the IP address scope information for a marketing scope. DHCP L2 Relay and L3 Relay 633 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 634
M4300 Series and M4300-96X Fully Managed Switches In this example, an IP address range of 10.200.1.2-10.200.1.100 is used. In the Default Gateway (optional) for the DHCP client. 13. Click the OK button. The scope information is saved. DHCP L2 Relay and L3 Relay 634 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 635
M4300 Series and M4300-96X Fully Managed Switches 14. Click the Next button. 15. Select the Disable DHCPv6 stateless mode for this server radio button. 16. Click the Next button. DHCP L2 Relay and L3 Relay 635 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 636
M4300 Series and M4300-96X Fully Managed Switches 17. Click the Install button. 18. Wait for the DHCP server to be installed and the installation process to finish. 19. Click the Close button. DHCP L2 Relay and L3 Relay 636 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 637
Series and M4300-96X Fully Managed Switches 20. Make sure that in the Status column, the field for the DHCP server states Running. If a computer the IP address, subnet mask, and gateway address for the marketing or sales scope. DHCP L2 Relay and L3 Relay 637 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 638
M4300 Series and M4300-96X Fully Managed Switches Configure a DHCP L3 Switch CLI: Configure a DHCP L3 Relay 1. Enable routing on the switch. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)# 2. Create a routing interface and assign subnet 10.100.1.2/24 to it. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 639
M4300 Series and M4300-96X Fully Managed Switches 3. Create a routing interface connecting to the client. (Netgear Switch) (Config)# (Netgear Switch) (Config)#Interface 1/0/15 (Netgear Switch) (Interface 1/0/15)#routing (Netgear Switch) (Interface 1/0/15)#ip address 10.200.1.1 255.255.255.0 (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 640
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll scroll down and select the Port 1/0/15 check box. c. In the IP Address Configuration Method field, enter Manual. d. In the IP Address field, enter 10.200.1.1. e. In the Subnet Mask field, enter 255.255 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 641
Configuration Method field, enter Manual. d. In the IP Address field, enter 10.200.2.1. e. In the Subnet Mask field, enter 255.255.255.0. f. In the Routing Mode field, select Enable. g. Click Apply to save the settings. 5. Enable DHCP L3 relay. a. Select System > Services > DHCP Relay. A screen - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 642
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Server Address field, enter 10.100.1.1. c. In the UDP Port field, enter dhcp. d. Click Add to save the settings. DHCP L2 Relay and L3 Relay 642 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 643
32 MLD Multicast Listener Discovery This chapter includes the following sections: • Multicast Listener Discovery Concepts • Configure MLD • MLD Snooping 643 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 644
M4300 Series and M4300-96X Fully Managed Switches Multicast Listener Discovery Concepts Multicast Listener Discovery (MLD) protocol enables IPv6 routers to 1/0/1 2001:1::/64 Switch B Port 1/0/21 Port 1/0/24 2001:3::/64 Host Figure 63. Configure MLD MLD 644 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 645
Series and M4300-96X Fully Managed Switches CLI: Configure MLD MLD on Switch A (Netgear Switch) #configure (Netgear Switch) (Config)#ipv6 router ospf (Netgear Switch) (Config-rtr)#router-id 1.1.1.1 (Netgear Switch) (Config)#exit (Netgear Switch) (Config)#ipv6 unicast-routing (Netgear Switch) (Config - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 646
M4300-96X Fully Managed Switches 3. Enable IPv6 MLD on the switch. (Netgear Switch) (Config)#ipv6 mld router 4. Enable IPv6 PIM-DM on the switch. (Netgear Switch) (Config)#ipv6 pim dense 5. Enable IP multicast forwarding on the switch. (Netgear Switch) (Config)#ip routing (Netgear Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 647
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure MLD MLD on Switch A 1. Enable IP routing on the switch. routing ports. a. Select Routing > IPv6 > Advanced > Interface Configuration. A screen similar to the following displays. MLD 647 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 648
Series and M4300-96X Fully Managed Switches b. Scroll down and select the Interface 1/0/1 and 1/0/13 check boxes. c. Enter the following > IPv6 > Advanced > Prefix Configuration. A screen similar to the following displays. b. Select Interface 1/0/13. MLD 648 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 649
M4300 Series and M4300-96X Fully Managed Switches c. Enter the following information: • In the IPv6 Prefix field, enter 2001:2::1. • In the Click Apply to save the settings. 8. Enable multicast globally. a. Select Routing > Multicast > Global Configuration. MLD 649 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 650
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. -DM on interfaces 1/0/1 and 1/0/13. a. Select Routing > IPv6 Multicast > IPv6 PIM > Interface Configuration. MLD 650 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 651
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/1 and 1/0/13 Apply. 2. Enable IPv6 unicast routing on the switch. a. Select Routing > IPv6 > Basic > Global Configuration. MLD 651 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 652
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For IPv6 Unicast Routing, select the Enable radio button. settings. 4. Assign an IPv6 address to 1/0/21. a. Select Routing > IPv6 > Advanced > Prefix Configuration. MLD 652 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 653
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Interface field, select 1/0/21. c. Enter the the settings. 6. Configure the router ID of OSPFv3. a. Select Routing > OSPFv3 > Basic > OSPFv3 Configuration. MLD 653 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 654
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. In the Router ID field, enter 2.2.2.2. c. For Admin A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. MLD 654 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 655
Series and M4300-96X Fully Managed Switches 9. Enable PIM-DM globally. a. Select Routing > IPv6 Multicast > IPv6 PIM > Global Configuration. A screen similar to . 11. Enable MLD on the switch. a. Select Routing > IPv6 Multicast > MLD > Global Configuration. MLD 655 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 656
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. 12 in the Interface field at the top. c. In the Admin Mode field, select Enable. d. Click Apply. MLD 656 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 657
Series and M4300-96X Fully Netgear Switch) (Interface 1/0/24)#exit (Netgear Switch) (Config)#exit (Netgear Switch) (Config)#set mld (Netgear Switch) (Config)#exit (Netgear Switch) #vlan database (Netgear Switch) (Vlan)#set mld 300 (Netgear Switch) (Vlan)#exit MLD 657 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 658
M4300-96X Fully Managed Switches 2. Enable MLD snooping on VLAN 300. (Netgear Switch) #show mldsnooping Admin Mode Enable Multicast Control Frame Count 0 Interfaces Enabled for MLD Snooping None VLANs enabled for MLD snooping 300 (Netgear , select 300. MLD 658 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 659
M4300 Series and M4300-96X Fully Managed Switches c. Click Unit 1. The ports display. d. Click the gray boxes under ports 1 and 24 until U displays 5. Enable MLD snooping on the VLAN 300. a. Select Routing > Multicast > MLD Snooping > MLD VLAN Configuration. MLD 659 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 660
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Enter the following information: • In the VLAN ID field, enter 300. • In the Admin Mode field, select Enable. 6. Click Add. MLD 660 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 661
33 DVMRP Distance Vector Multicast Routing Protocol This chapter includes the following sections: • Distance Vector Multicast Routing Protocol Concepts • CLI: Configure DVMRP • Local Browser Interface: Configure DVMRP 661 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 662
M4300 Series and M4300-96X Fully Managed Switches Distance Vector Multicast Routing Protocol Concepts The Distance Vector Multicast Routing Protocol (DVMRP) is used for multicasting over IP networks without routing protocols to support Figure 64. DVMRP DVMRP 662 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 663
M4300 Series and M4300-96X Fully Managed Switches CLI: Configure DVMRP DVMRP on Switch A 1. Create routing interfaces 1/0/1, 1/0/13, and 1/0/21. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#routing (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 664
M4300 Series and M4300-96X Fully Managed Switches 4. Enable DVMRP mode on the interfaces 1/0/1, 1/0/13, and 1/0/21. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) (Interface 1/0/1)#ip dvmrp (Netgear Switch) (Interface 1/0/1)#exit (Netgear Switch) (Config)#interface 1/0/13 (Netgear Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 665
1/0/13 (Netgear Switch) (Interface 1/0/13)#ip dvmrp (Netgear Switch) (Interface 1/0/13)#ex (Netgear Switch) (Config)#interface 1/0/20 (Netgear Switch) (Interface 1/0/20)#ip dvmrp (Netgear Switch) (Interface 1/0/20)#exit (Netgear Switch) (Config)#exit DVMRP 665 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 666
M4300 Series and M4300-96X Fully Managed Switches (Netgear Switch) #show ip dvmrp neighbor Interface 1/0/13 Neighbor IP Address Missing 11441 Received Routes 0 Received Bad Packets 0 Received Bad Routes 0 (Netgear Switch) #show ip mcast mroute detail summary Source IP Multicast Route Table - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 667
M4300 Series and M4300-96X Fully Managed Switches DVMRP on Switch C: 1. Create routing interfaces 1/0/11, 1/0/3, and 1/0/24. (Netgear Switch) #config (Netgear Switch) (Config)#ip routing (Netgear Switch) (Config)#ip interface 1/0/11 (Netgear Switch) (Interface 1/0/11)#ip routing (Netgear Switch) ( - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 668
M4300-96X Fully Managed Switches 6. Enable IGMP mode on the interface 1/0/24. (Netgear Switch) (Config)#interface 1/0/24 (Netgear Switch) (Interface 1/0/24)#ip igmp (Netgear Switch) (Interface 1/0/24)#exit (Netgear Bad Packets 0 Received Bad Routes 0 (Netgear Switch) #show ip mcast mroute detail - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 669
Series and M4300-96X Fully Managed Switches Local Browser Interface: Configure DVMRP DVMRP on Switch A 1. Enable IP routing on the switch. a. Select Routing and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. DVMRP 669 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 670
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/13 check box to save the settings. 5. Enable IP multicast on the switch. a. Select Routing > Multicast > Global Configuration. DVMRP 670 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 671
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Click Apply. the Interface 1/0/1, 1/0/13, and 1/0/21 check boxes. c. In the Interface Mode field, select 300. DVMRP 671 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 672
Series and M4300-96X Fully Managed Switches d. Click Apply to save the settings. DVMRP on Switch B 1. Enable IP routing on the switch. a. Select Routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. DVMRP 672 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 673
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll and select the Port 1/0/20 check box radio button. c. Click Apply. 5. Enable DVMRP on the switch. a. Select Routing > Multicast > DVMRP > Global Configuration. DVMRP 673 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 674
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. screen similar to the following displays. b. For Routing Mode, select the Enable radio button. c. Click Apply. DVMRP 674 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 675
Series and M4300-96X Fully Managed Switches 2. Configure 1/0/11 as a routing port and assign an IP address to it. a. Select Routing > IP > Advanced routing port and assign an IP address to it. a. Select Routing > IP > Advanced > IP Interface Configuration. DVMRP 675 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 676
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Port 1/0/24 check button. c. Click Apply. 6. Enable DVMRP on the switch. a. Select Routing > Multicast > DVMRP > Global Configuration. DVMRP 676 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 677
Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. For Admin Mode, select the Enable radio button. c. Apply. 9. Enable IGMP on the interface. a. Select Routing > Multicast > IGMP > Routing Interface Configuration. DVMRP 677 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 678
M4300 Series and M4300-96X Fully Managed Switches A screen similar to the following displays. b. Scroll down and select the Interface 1/0/24 check box. Now 1/0/24 at the top. c. In the Admin Mode field, select Enable. d. Click Apply to save the settings. DVMRP 678 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 679
34 PTP End-to-End Transparent Clock Manage Precision Time Protocol This chapter includes the following sections: • PTP Concepts • PTP Time Stamp Operation • PTP Transparent Clocks • Manage the PTP End-to-End Transparent Clock 679 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 680
Series and M4300-96X Fully Managed Switches PTP Concepts Precision Time to a grandmaster clock through an exchange of packets across the network. The switch supports PTP end-to-end transparent clock, which is enabled by default, both globally Transparent Clock 680 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 681
supports the PTP firmware and is sent in a separate message. The M4300 series switches do not support M4300 series models support a PTP E2E transparent clock, with the exception of models M4300-24X24F, M4300-48X, and M4300-48XF • The PTP E2E transparent clock supports only the following three types of - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 682
) (Config)#interface 1/1/1 (Netgear Switch) (Interface 1/1/1)#no ptp clock e2e-transparent CLI: Globally Reenable PTP End-to-End Transparent Clock (Netgear Switch) #configure (Netgear Switch) (Config)#ptp clock e2e-transparent PTP End-to-End Transparent Clock 682 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 683
M4300-96X Fully Managed Switches CLI: Reenable PTP End-to-End Transparent Clock for an Interface (Netgear Switch) #configure (Netgear Switch) (Config)#interface 1/1/1 (Netgear Switch) (Interface 1/1/1)#ptp clock e2e-transparent CLI: Display the PTP End-to-End Transparent Clock Status (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 684
35 Link Dependency Configure Link State Groups This chapter includes the following sections: • Link Dependency Concepts • CLI: Create a Link State Group • Local Browser Interface: Create a Link State Group 684 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 685
M4300 Series and M4300-96X Fully Managed Switches Link Dependency Concepts Link dependency enables or disables ports in a group based on the interface in another link state group if such a configuration causes circular dependencies between groups. Link Dependency 685 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 686
M4300 Series and M4300-96X Fully Managed Switches CLI: Create a Link State Group 1. Create a link state group with group number 1. (Netgear Switch) (Config)#link state group 1 action down 2. Configure port 1/0/1 as an upstream link. (Netgear Switch) (Config)#interface 1/0/1 (Netgear Switch) ( - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 687
Series and M4300-96X Fully Managed Switches Local Browser Interface: Create a Link State Group 1. Configure the action for link state group > Link Dependency > Link Dependency Interface Configuration. A screen similar to the following displays. Link Dependency 687 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 688
Series and M4300-96X Fully Managed Switches b. Select the check box to the left of interface 1/0/1. 1/0/1 displays in the Interface field of the From the Downstream Interface menu, select True. d. Click the Apply button. Your settings are saved. Link Dependency 688 Software Administration Manual - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 689
36 Captive Portals Captive portals and client authentication This chapter includes the following sections: • Captive Portal Concepts • Captive Portal Configuration Concepts • Enable a Captive Portal • Client Access, Authentication, and Control • Block a Captive Portal Instance • Local - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 690
Captive Portal captive portal feature on all the physical ports on the switch. It is not supported for VLAN interfaces, loopback interfaces, or logical interfaces. The captive portal feature uses switch. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 691
Captive Portal Netgear Switch) (Config-CP)#configuration 1 (Netgear Switch) (Config-CP 1)#enable 3. Enable captive portal instance 1 on port 1/0/1. (Netgear Switch) (Config-CP 1)#interface 1/0/1 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 692
Local Browser Interface: Enable a Captive Portal 1. Enable captive portal on the switch. a. Select CP 1 on interface 1/0/1. a. Select Security > Controls > Captive Portal > CP Binding Configuration. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 693
A screen similar to the following displays. b. In the CP ID list, select saved in the configuration. Block a Captive Portal Instance CLI: Block a Captive Portal Instance (Netgear Switch)(Config-CP 1)#block - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 694
Local Browser Interface: Block a Captive Portal Instance 1. Select Security Groups 1. Create a group whose group ID is 2. (Netgear Switch) #config (Netgear Switch) (config)#captive-portal (Netgear Switch)(Config-CP)# user group 2 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 695
2. Create a user whose name is user1. (Netgear Switch) (Config-CP)#user 2 name user1 3. Configure the user's password. (Netgear Switch) Security > Control > Captive Portal > CP User Configuration. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 696
A screen similar to the following displays. b. Enter the following information: • In the User ID Field, enter 2. • VSAs are denoted in the ID column and are comma delimited (vendor ID, attribute ID). - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 697
Table 5. RADIUS Attributes for Configuring Captive Portal 0 CLI: Configure RADIUS as the Verification Mode (Netgear Switch) (Config-CP 1)#radius-auth-server Default-RADIUS-Server (Netgear Switch) (Config-CP 1)#verification radius - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 698
Local Browser Interface: Configure RADIUS as the Verification Mode 1. Select Security > Control > Captive Portal > the captive portal instance status will show Disabled with an appropriate reason code. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 699
37 iSCSI Internal Small Computer System Interface This chapter includes the following sections: • iSCSI Concepts • Enable iSCSI Awareness with VLAN Priority Tag • Enable iSCSI Awareness with DSCP • Set the iSCSI Target Port • Show iSCSI Sessions - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 700
iSCSI Concepts The Internal Small Computer System management or voice VLAN. The administrator should also take care of configuring the relevant Class of Service parameters for the queue chosen in order to complete the setting. The following figure shows an - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 701
Enable time. (Netgear Switch) #config (Netgear Switch) (Config) #iscsi enable (Netgear Switch) (Config) #iscsi cos vpt 5 (Netgear Switch) (Config) #iscsi aging time 10 (Netgear Switch) to save the settings. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 702
Enable iSCSI Awareness with DSCP The example is shown as CLI commands and as a local browser interface procedure. CLI: Enable iSCSI Awareness with DSCP Use the following commands to enable iSCSI awareness, select DSCP, and set DSCP queue number and aging time. (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 703
Set the iSCSI Target Port When working with iSCSI that does not use the standard IANA-assigned iSCSI ports (3260/860), NETGEAR recommends that you specify the target IP .1.20. c. Click Apply to save the settings. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 704
Show iSCSI Sessions The example is shown as CLI commands and as a local browser interface procedure. CLI: Show iSCSI Sessions Use the following commands to show iSCSI sessions and session details: (Netgear netgear-think ISID: 400001370000 (Netgear netgear (Netgear - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 705
Local Browser Interface: Show iSCSI Sessions 1. Show iSCSI sessions. a. Select Switching > iSCSI > Switching > iSCSI > Advanced > Sessions detailed. A screen similar to the following displays. 4. Click Refresh. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 706
38 Override Factory Defaults Use another factory default configuration file This chapter includes one section: • Override the Factory Default Configuration File - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 707
Override the Factory Default Configuration File NETGEAR managed switches support a single set of default configurations and scaling parameters, which are wait... File transfer successful.. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 708
CLI: Erase the Old Factory Default Configuration File 1. Erase the old factory default configuration file from the switch. (Netgear Switch) #erase factory-default 2. Reload the switch. The new factory default configuration file (that is, the - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 709
39 NETGEAR SFP Small form-factor pluggables This chapter includes one section: • Connect with a NETGEAR AGM731F SFP - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 710
Connect with a NETGEAR AGM731F SFP Cisco provides a way to support third-party small form-factor pluggables (SFPs). For example, a NETGEAR AGM731F SFP can function between a Cisco switch and a NETGEAR switch. 1. Before connecting the NETGEAR switch to - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 711
40 Expandable Ports Configuration APM402XL Port Card This chapter includes one section: • Expand a 40G Port on an APM402XL Port Card to Four 10G Ports - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 712
(Netgear Switch) (Config)#interface 1/7/1 (Netgear Switch) (Interface 1/7/1)#hardware profile portmode 4x10G Local Browser Interface: Expand a 40G Port to Four 10G Ports 1. Select Switching > Ports > Expandable Port Configuration. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 713
2. Select port 1/7/1. Port 1/7/1 displays in the 40G Interface field of the table heading. 3. From the Configured Mode menu, select 4x10G. 4. Click the Apply button. - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 714
378 compatibility, switch stack firmware 464 compatible mode, MVR 303 configuration files, switch stacks 464 configuration scripting 418 CoS (Class of Service) queuing 232 D DAI (Dynamic ARP inspection) 345 default configuration file, overriding 707 default routes, port routing 83 dense mode, PIM - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 715
DVMRP (Distance Vector Multicast Routing Protocol) 662 Dynamic ARP inspection (DAI) 345 dynamic mode DHCP server 485 MVR 309 dynamic port - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 716
O organizationally unique identifier (OUI) 267 OSPF Protocol) 266 scheduler mode, strict priority 236 scripting, configuration 418 security, ports 317 service, DiffServ 242 Session Initiation Protocol (SIP) 266 session limit and time-out, Telnet 432 - Netgear XSM4324FS | Software Administration Manual Software Version 12.x - Page 717
subnet-based VLANs 41 switch port modes 70 switch stacks 450 system logging (syslog), logging, syslog 440 T TACACS+ accounting server 378
NETGEAR, Inc.
350 East Plumeria Drive
San Jose, CA 95134, USA
September 2019
202-11996-01
Software Administration Manual
M4300 Intelligent Edge Series Fully Managed Stackable Switches
Software Version 12.0.8
M4300 Series Switches
M4300-96X Modular Switch