NETGEAR M4200

To Next Page

To Previous Page

ACLs

169

Managed Switches

One-Way Access Using a TCP Flag in an ACL

This example shows how to set up one-way access using a TCP flag in an ACL. PC 1 can

access FTP server 1 and FTP server 2, but PC 2 can access only FTP server 2.

Figure 20. One-Way Web access using a TCP flag in an ACL

CLI: Configure One-Way Access Using a TCP Flag in an ACL

This is a two-step process:

• Step 1: Configure the VLAN and IP addresses on Switch A on page 170

• Step 2: Configure on Switch B on page 172

FTP server 1

PC 1 PC 2

Port 1/0/25

Port 0/35

Switch A

Switch B

FTP server 2

Port 0/44

Port 1/0/48

Port 1/0/24

192.168.40.2

Port 0/13

192.168.100.2

192.168.30.2 192.168.50.2

Main Page

Default Chapter3
- Table of Contents3
Chapter 1 Documentation Resources17
Chapter 2 Vlans18
- VLAN Concepts19
- Create Two Vlans20
  - CLI: Create Two Vlans20
  - Web Interface: Create Two Vlans20
- Assign Ports to VLAN 221
  - CLI: Assign Ports to VLAN 221
  - Web Interface: Assign Ports to VLAN 222
- Create Three Vlans23
  - CLI: Create Three Vlans23
  - Web Interface: Create Three Vlans23
- Assign Ports to VLAN325
  - CLI: Assign Ports to VLAN 325
  - Web Interface: Assign Ports to VLAN 325
- Assign VLAN 3 as the Default VLAN for Port 1/0/226
  - CLI: Assign VLAN 3 as the Default VLAN for Port 1/0/226
  - Web Interface: Assign VLAN 3 as the Default VLAN for Port 1/0/227
- Create a MAC-Based VLAN27
  - CLI: Create a MAC-Based VLAN28
  - Web Interface: Assign a MAC-Based VLAN29
- Create a Protocol-Based VLAN31
  - CLI: Create a Protocol-Based VLAN31
  - Web Interface: Create a Protocol-Based VLAN32
- Virtual Vlans: Create an IP Subnet-Based VLAN35
  - CLI: Create an IP Subnet-Based VLAN36
  - Web Interface: Create an IP Subnet-Based VLAN37
- Voice Vlans38
  - CLI: Configure Voice VLAN and Prioritize Voice Traffic39
  - Web Interface: Configure Voice VLAN and Prioritize Voice Traffic41
- Configure GARP VLAN Registration Protocol46
- Private Vlans52
- Assign Private-VLAN Types (Primary, Isolated, Community)54
  - CLI: Assign Private-VLAN Type (Primary, Isolated, Community)54
  - Web Interface: Assign Private-VLAN Type (Primary, Isolated, Community)54
- Configure Private-VLAN Association56
  - CLI: Configure Private-VLAN Association56
  - Web Interface: Configure Private-VLAN Association56
- Configure Private-VLAN Port Mode (Promiscuous, Host)57
- Configure Private-VLAN Host Ports58
  - CLI: Configure Private-VLAN Host Ports58
  - Web Interface: Assign Private-VLAN Port Host Ports59
- Map Private-VLAN Promiscuous Port60
  - CLI: Map Private-VLAN Promiscuous Port60
  - Web Interface: Map Private-VLAN Promiscuous Port60
- VLAN Access Ports and Trunk Ports61
  - CLI: Configure a VLAN Trunk62
  - Web Interface: Configure a VLAN Trunk63
Chapter 3 Lags67
- Link Aggregation Concepts68
- Add Ports to Lags69
  - CLI: Add Ports to the Lags69
  - Web Interface: Add Ports to Lags69
Chapter 4 Port Routing71
- Port Routing Concepts72
- Port Routing Configuration72
- Enable Routing for the Switch73
  - CLI: Enable Routing for the Switch73
  - Web Interface: Enable Routing for the Switch74
- Enable Routing for Ports on the Switch74
  - CLI: Enable Routing for Ports on the Switch75
  - Web Interface: Enable Routing for Ports on the Switch75
- Add a Default Route77
  - CLI: Add a Default Route77
  - Web Interface: Add a Default Route78
- Add a Static Route78
  - CLI: Add a Static Route79
  - Web Interface: Add a Static Route79
Chapter 5 VLAN Routing80
- VLAN Routing Concepts81
- Create Two Vlans81
  - CLI: Create Two Vlans82
  - Web Interface: Create Two Vlans83
- Set up VLAN Routing for the Vlans and the Switch86
  - CLI: Set up VLAN Routing for the Vlans and the Switch86
  - Web Interface: Set up VLAN Routing for the Vlans and the Switch87
Chapter 6 RIP88
- Routing Information Protocol Concepts89
- Enable Routing for the Switch90
  - CLI: Enable Routing for the Switch90
  - Web Interface: Enable Routing for the Switch90
- Enable Routing for Ports91
- Enable RIP on the Switch93
  - CLI: Enable RIP on the Switch93
  - Web Interface: Enable RIP on the Switch93
- Enable RIP for Ports 1/0/2 and 1/0/394
  - CLI: Enable RIP for Ports 1/0/2 and 1/0/394
  - Web Interface: Enable RIP for Ports 1/0/2 and 1/0/394
- Configure VLAN Routing with RIP Support95
Chapter 7 OSPF100
- Open Shortest Path First Concepts101
- Inter-Area Router101
  - CLI: Configure an Inter-Area Router102
  - Web Interface: Configure an Inter-Area Router104
- OSPF on a Border Router108
  - CLI: Configure OSPF on a Border Router108
  - Web Interface: Configure OSPF on a Border Router109
- Stub Areas114
- NSSA Areas123
- VLAN Routing OSPF134
  - CLI: Configure VLAN Routing OSPF135
  - Web Interface: Configure VLAN Routing OSPF137
- Ospfv3139
  - CLI: Configure Ospfv3140
  - Web Interface: Configure Ospfv3142
Chapter 8 PBR145
- Policy-Based Routing Concepts146
- Route-Map Statements146
- PBR Processing Logic147
- PBR Configurations148
- PBR Example149
Chapter 9 ARP152
- Proxy ARP Concepts153
- Proxy ARP Examples153
Chapter 10 VRRP155
- Virtual Router Redundancy Protocol Concepts156
- VRRP on a Master Router157
  - CLI: Configure VRRP on a Master Router157
  - Web Interface: Configure VRRP on a Master Router158
- VRRP on a Backup Router159
  - CLI: Configure VRRP on a Backup Router159
  - Web Interface: Configure VRRP on a Backup Router160
Chapter 11 Acls162
- Access Control List Concepts163
- Set up an IP ACL with Two Rules164
  - CLI: Set up an IP ACL with Two Rules165
  - Web Interface: Set up an IP ACL with Two Rules166
- One-Way Access Using a TCP Flag in an ACL169
- Use Acls to Configure Isolated Vlans on a Layer 3 Switch184
- Set up a MAC ACL with Two Rules195
  - CLI: Set up a MAC ACL with Two Rules195
  - Web Interface: Set up a MAC ACL with Two Rules196
- Configure ACL Mirroring198
  - CLI: Configure ACL Mirroring199
  - Web Interface: Configure ACL Mirroring201
- Configure ACL Redirection204
  - CLI: Redirect a Traffic Stream205
  - Web Interface: Redirect a Traffic Stream206
- Add ACL Remarks209
- Change the Sequence of an ACL Rule210
- Configure a Management ACL212
- Configure Ipv6 Acls213
  - CLI: Configure an Ipv6 ACL215
  - Web Interface: Configure an Ipv6 ACL216
Chapter 12 Cos Queuing222
- Cos Queuing Concepts223
- Cos Queue Mapping223
  - Trusted Ports223
  - Untrusted Ports224
- Cos Queue Configuration224
- Show Classofservice Trust225
  - CLI: Show Classofservice Trust225
  - Web Interface: Show Classofservice Trust225
- Set Classofservice Trust Mode225
  - CLI: Set Classofservice Trust Mode225
  - Web Interface: Set Classofservice Trust Mode226
- Configure Cos-Queue Min-Bandwidth and Strict Priority Scheduler Mode226
- Set Cos Trust Mode for an Interface228
  - CLI: Set Cos Trust Mode for an Interface228
  - Web Interface: Set Cos Trust Mode for an Interface228
- Configure Traffic Shaping229
  - CLI: Configure Traffic-Shape229
  - Web Interface: Configure Traffic Shaping229
Chapter 13 Diffserv230
- Differentiated Services Concepts231
- Diffserv232
- CLI: Configure Diffserv232
  - Web Interface: Configure Diffserv235
- Diffserv for Voip248
  - CLI: Configure Diffserv for Voip248
  - Web Interface: Diffserv for Voip250
- Auto Voip255
- Diffserv for Ipv6260
  - CLI: Configure Diffserv for Ipv6261
  - Web Interface: Configure Diffserv for Ipv6262
- Color Conform Policy268
  - CLI: Configure a Color Conform Policy269
  - Web Interface: Configure a Color Conform Policy270
- WRED Explicit Congestion Notification275
Chapter 14 IGMP Snooping and Querier278
- Internet Group Management Protocol Concepts279
- IGMP Snooping279
- Show Igmpsnooping280
  - CLI: Show Igmpsnooping280
  - Web Interface: Show Igmpsnooping280
- Show Mac-Address-Table Igmpsnooping281
- External Multicast Router282
  - CLI: Configure the Switch with an External Multicast Router282
  - Web Interface: Configure the Switch with an External Multicast Router282
- Multicast Router Using VLAN283
- IGMP Querier Concepts284
- Enable IGMP Querier285
  - CLI: Enable IGMP Querier285
  - Web Interface: Enable IGMP Querier285
- Show IGMP Querier Status287
  - CLI: Show IGMP Querier Status287
  - Web Interface: Show IGMP Querier Status288
Chapter 15 MVR289
- Multicast VLAN Registration290
- Configure MVR in Compatible Mode291
  - CLI: Configure MVR in Compatible Mode292
  - Web Interface: Configure MVR in Compatible Mode294
- Configure MVR in Dynamic Mode297
  - CLI: Configure MVR in Dynamic Mode297
  - Web Interface: Configure MVR in Dynamic Mode300
Chapter 16 Security Management304
- Port Security Concepts305
- Set the Dynamic and Static Limit on Port 1/0/1306
  - CLI: Set the Dynamic and Static Limit on Port 1/0/1306
  - Web Interface: Set the Dynamic and Static Limit on Port 1/0/1306
- Convert the Dynamic Address Learned from 1/0/1 to a Static Address307
  - CLI: Convert the Dynamic Address Learned from 1/0/1 to the Static Address307
  - Web Interface: Convert the Dynamic Address Learned from 1/0/1 to the Static Address308
- Create a Static Address308
  - CLI: Create a Static Address308
  - Web Interface: Create a Static Address309
- Protected Ports309
  - CLI: Configure a Protected Port to Isolate Ports on the Switch310
  - Web Interface: Configure a Protected Port to Isolate Ports312
  - On the Switch312
- 802.1X Port Security315
  - CLI: Authenticating Dot1X Users by a RADIUS Server316
  - Web Interface: Authenticating Dot1X Users by a RADIUS Server317
- Create a Guest VLAN321
  - CLI: Create a Guest VLAN322
  - Web Interface: Create a Guest VLAN323
- Assign Vlans Using RADIUS326
  - CLI: Assign VLANS Using RADIUS327
  - Web Interface: Assign VLANS Using RADIUS329
- Dynamic ARP Inspection332
  - CLI: Configure Dynamic ARP Inspection333
  - Web Interface: Configure Dynamic ARP Inspection334
- Static Mapping337
  - CLI: Configure Static Mapping337
  - Web Interface: Configure Static Mapping338
- DHCP Snooping339
  - CLI: Configure DHCP Snooping340
  - Web Interface: Configure DHCP Snooping341
- Find a Rogue DHCP Server343
  - CLI: Find a Rogue DHCP Server343
  - Web Interface: Find a Rogue DHCP Server344
- Enter Static Binding into the Binding Database346
  - CLI: Enter Static Binding into the Binding Database346
  - Web Interface: Enter Static Binding into the Binding Database346
- Maximum Rate of DHCP Messages347
  - CLI: Configure the Maximum Rate of DHCP Messages347
  - Web Interface: Configure the Maximum Rate of DHCP Messages347
- IP Source Guard348
  - CLI: Configure Dynamic ARP Inspection349
  - Web Interface: Configure Dynamic ARP Inspection350
- Command Authorization353
  - CLI Example 1: Configure Command Authorization by a TACACS+ Server353353
  - CLI Example 2: Configure Command Authorization by a RADIUS Server356
- Privileged Exec Command Mode Authorization359
  - CLI Example 1: Configure EXEC Authorization by a TACACS+ Server359
  - CLI Example 2: Configure EXEC Authorization by a RADIUS Server362
- Accounting364
  - CLI: Configure Telnet Command Accounting by a TACACS+ Server364
  - Configure Telnet EXEC Accounting by RADIUS Server365
- Use the Authentication Manager to Set up an Authentication Method List366
  - Configure a Dot1X-MAB Authentication Method List with367
  - Dot1X-MAB Priority367
  - Configure a Dot1X-MAB Authentication Method List with368
  - MAB-Dot1X Priority368
  - Configure a Dot1X, MAB, and Captive Portal Authentication368
  - Method List with Default Priority368
- RADIUS Change of Authorization370
- Ipv6 Stateless RA Guard372
Chapter 17 MAB374
- Mac Authentication Bypass374
- MAC Authentication Bypass Concepts375
- Configure MAC Authentication Bypass on a Switch377
- Configure a Network Policy Server on a Microsoft Windows Server 2008 R2 or Later Server381
- Configure an Active Directory on a Microsoft Windows389
- Server 2008 R2 or Later Server389
- Reduce the MAB Authentication Time390
  - CLI: Reduce the Authentication Time for MAB391
  - Web Interface: Reduce the Authentication Time for MAB391
Chapter 18 SNTP393
- Simple Network Time Protocol Concepts393
- Show SNTP (CLI Only)393
- Configure SNTP394
  - CLI: Configure SNTP394
  - Web Interface: Configure SNTP396
- Set the Time Zone (CLI Only)397
- Set the Named SNTP Server397
  - CLI: Set the Named SNTP Server397
  - Web Interface: Set the Named SNTP Server398
Chapter 19 Tools401
- Traceroute401
  - CLI: Traceroute401
  - Web Interface: Traceroute402
- Configuration Scripting402
- Pre-Login Banner405
  - Create a Pre-Login Banner405
- Port Mirroring406
  - CLI: Specify the Source (Mirrored) Ports and Destination (Probe)406
  - Web Interface: Specify the Source (Mirrored) Ports and Destination (Probe)407
- Remote SPAN407
  - CLI: Enable RSPAN on a Switch408
  - Source Switch409
- Dual Image410
  - CLI: Download a Backup Image and Make It Active411
  - Web Interface: Download a Backup Image and Make It Active412
- Outbound Telnet413
- Error Disablement and Automatic Error Recovery417
- Loop Protection419
- Nondisruptive Configuration Management420
- Full Memory Dump421
Chapter 20 Syslog422
- Syslog Concepts423
- Show Logging423
  - CLI: Show Logging423
  - Web Interface: Show Logging424
- Show Logging Buffered426
  - CLI: Show Logging Buffered426
  - Web Interface: Show Logging Buffered427
- Show Logging Traplogs427
  - CLI: Show Logging Traplogs427
  - Web Interface: Show Logging Trap Logs428
- Show Logging Hosts428
  - CLI: Show Logging Hosts428
  - Web Interface: Show Logging Hosts429
- Configure Logging for a Port429
  - CLI: Configure Logging for the Port429
  - Web Interface: Configure Logging for the Port430
- Email Alerting431
  - CLI: Send Log Messages to Admin@Switch.com Using Account Aaaa@Netgear.com432
Chapter 21 Switch Stacks433
- Switch Stack Management and Connectivity434
- Stack Master and Stack Members434
- Install and Power-Up a Stack436
  - Compatible Switch Models436
  - Install a Switch Stack437
- Switch Firmware and Firmware Mismatch438
- Stack Switches Using a 10G Copper Port440
  - CLI: Configure the 10G Copper Ports as Stack Ports441
  - Web Interface: Configure the 10G Copper Ports as Stack Ports443
- Add, Remove, or Replace a Stack Member444
- Switch Stack Configuration Files447
- Preconfigure a Switch448
- Renumber Stack Members449
  - CLI: Renumber Stack Members449
  - Web Interface: Renumber Stack Members450
- Move the Stack Master to a Different Unit451
  - CLI: Move the Stack Master to a Different Unit451
  - Web Interface: Move the Stack Master to a Different Unit451
Chapter 22 SNMP452
- Add a New Community453
  - CLI: Add a New Community453
  - Web Interface: Add a New Community453
- Enable SNMP Trap454
  - CLI: Enable SNMP Trap454
  - Web Interface: Enable SNMP Trap454
- SNMP Version 3455
  - CLI: Configure Snmpv3455
  - Web Interface: Configure Snmpv3456
- Sflow457
- Time-Based Sampling of Counters with Sflow460
Chapter 23 DNS462
- Domain Name System Concepts463
- Specify Two DNS Servers463
  - CLI: Specify Two DNS Servers463
  - Web Interface: Specify Two DNS Servers463
- Manually Add a Host Name and an IP Address464
  - CLI: Manually Add a Host Name and an IP Address464
  - Web Interface: Manually Add a Host Name and an IP Address464
Chapter 24 DHCP Server465
- Dynamic Host Configuration Protocol Concepts466
- Configure a DHCP Server in Dynamic Mode466
  - CLI: Configure a DHCP Server in Dynamic Mode466
  - Web Interface: Configure a DHCP Server in Dynamic Mode467
- Configure a DHCP Server that Assigns a Fixed IP Address469
  - CLI: Configure a DHCP Server that Assigns a Fixed IP Address469
  - Web Interface: Configure a DHCP Server that Assigns a Fixed IP Address470
Chapter 25 Dhcpv6 Server472
- Dynamic Host Configuration Protocol Version 6 Concepts473
- CLI: Configure Dhcpv6 Prefix Delegation474
- Web Interface: Configure Dhcpv6 Prefix Delegation475
- Configure a Stateless Dhcpv6 Server479
  - CLI: Configure a Stateless Dhcpv6 Server479
  - Web Interface: Configure a Stateless Dhcpv6 Server480
- Configure a Stateful Dhcpv6 Server483
  - CLI: Configure a Stateful Dhcpv6 Server483
  - Web Interface: Configure a Stateful Dhcpv6 Server484
- CLI: Set up a Configuration with a Dhcpv6 Server and Dhcpv6 Relay488
  - Configure the Dhcpv6 Server488
  - Configure the Dhcpv6 Relay489
Chapter 26 Dvlans and Private Vlans491
- Double Vlans492
  - CLI: Enable a Double VLAN493
  - Web Interface: Enable a Double VLAN493
- Private VLAN Groups496
  - CLI: Create a Private VLAN Group497
  - Web Interface: Create a Private VLAN Group498
Chapter 27 STP502
- Spanning Tree Protocol Concepts503
- Configure Classic STP (802.1D)503
  - CLI: Configure Classic STP (802.1D)503
  - Web Interface: Configure Classic STP (802.1D)503
- Configure Rapid STP (802.1W)504
  - CLI: Configure Rapid STP (802.1W)504
  - Web Interface: Configure Rapid STP (802.1W)505
- Configure Multiple STP (802.1S)506
  - CLI: Configure Multiple STP (802.1S)506
  - Web Interface: Configure Multiple STP (802.1S)507
- Configure PVSTP and PVRSTP508
  - CLI: Configure PVSTP510
  - Web Interface: Configure PVSTP513
Chapter 28 Tunnels for Ipv6517
- Tunnel Concepts518
- Create a 6In4 Tunnel518
  - CLI: Create a 6In4 Tunnel519
  - Web Interface: Create a 6In4 Tunnel520
- Create a 6To4 Tunnel524
Chapter 29 Ipv6 Interface Configuration543
- Create an Ipv6 Routing Interface544
  - CLI: Create an Ipv6 Routing Interface544
  - Web Interface: Create an Ipv6 Routing Interface545
- Create an Ipv6 Routing VLAN547
  - CLI: Create an Ipv6 Routing VLAN547
  - Web Interface: Create an Ipv6 VLAN Routing Interface549
- Configure Dhcpv6 Mode on the Routing Interface551
Chapter 30 PIM556
- Protocol Independent Multicast Concepts556
- Pim-DM556
  - CLI: Configure PIM-DM558
  - Web Interface: Configure PIM-DM562
- Pim-Sm579
  - CLI: Configure PIM-SM580
  - Web Interface: Configure PIM-SM584
Chapter 31 DHCP L2 Relay and L3 Relay604
- DHCP L2 Relay605
  - CLI: Enable DHCP L2 Relay605
  - Web Interface: Enable DHCP L2 Relay607
- DHCP L3 Relay609
  - Configure the DHCP L3 Server in a Windows Server Operating System610
  - Configure a DHCP L3 Switch618
Chapter 32 MLD623
- Multicast Listener Discovery Concepts624
- Configure MLD624
  - CLI: Configure MLD625
  - Web Interface: Configure MLD627
- MLD Snooping636
  - CLI: Configure MLD Snooping637
  - Web Interface: Configure MLD Snooping638
Chapter 33 DVMRP640
- Distance Vector Multicast Routing Protocol Concepts641
- CLI: Configure DVMRP642
- Web Interface: Configure DVMRP648
Chapter 34 Link Dependency658
- Link Dependency Concepts659
- CLI: Create a Link State Group660
- Web Interface: Create a Link State Group660
Chapter 35 Captive Portals663
- Captive Portal Concepts664
- Captive Portal Configuration Concepts665
- Enable a Captive Portal665
  - CLI: Enable a Captive Portal665
  - Web Interface: Enable a Captive Portal666
- Client Access, Authentication, and Control667
- Block a Captive Portal Instance667
  - CLI: Block a Captive Portal Instance667
  - Web Interface: Block a Captive Portal Instance668
- Local Authorization, Create Users and Groups668
  - CLI: Create Users and Groups668
  - Web Interface: Create Users and Groups669
- Remote Authorization (RADIUS) User Configuration670
  - CLI: Configure RADIUS as the Verification Mode671
  - Web Interface: Configure RADIUS as the Verification Mode672
- SSL Certificates672
Chapter 36 Iscsi673
- Iscsi Concepts674
- Enable Iscsi Awareness with VLAN Priority Tag675
  - CLI: Enable Iscsi Awareness with VLAN Priority Tag675
  - Web Interface: Enable Iscsi Awareness with VLAN Priority Tag675
- Enable Iscsi Awareness with DSCP676
  - CLI: Enable Iscsi Awareness with DSCP676
  - Web Interface: Enable Iscsi Awareness with DSCP676
- Set the Iscsi Target Port677
  - CLI: Set Iscsi Target Port677
  - Web Interface: Set Iscsi Target Port677
- Show Iscsi Sessions678
  - CLI: Show Iscsi Sessions678
  - Web Interface: Show Iscsi Sessions679
Chapter 37 Override Factory Defaults680
- Override the Factory Default Configuration File681
  - CLI: Install Another Factory Defaults Configuration File681
  - CLI: Erase the Old Factory Default Configuration File682
Chapter 38 NETGEAR SFP683
- Connect with NETGEAR SFP AGM731F684
Index685

Table of Contents

Related product manuals