Manual
Product Model: xStack® DGS-3200 Series Layer 2 Managed Gigabit Ethernet Switch
Release 1.
Information in this document is subject to change without notice. © 2009 D-Link Corporation. All rights reserved. Reproduction in any manner whatsoever without the written permission of D-Link Corporation is strictly forbidden. Trademarks used in this text: D-Link and the D-LINK logo are trademarks of D-Link Corporation; Microsoft and Windows are registered trademarks of Microsoft Corporation.
xStack® DGS-3200 Series Layer 2 Gigabit Ethernet Managed Switch

Table of Contents

Intended Readers
Typographical Conventions
Notes, Notices, and Cautions
Telnet Settings
Password Encryption
CLI Paging Settings
PVID Auto Assign Settings
Port Trunking
VLAN Trunk Settings
Port Lock Entries
DHCP Server Screening
DHCP Screening Port Settings
Multiple Authentication Settings
Guest VLAN
Save Log
Save All
Intended Readers

The DGS-3200 Series Manual contains information for setup and management of the Switch. This manual is intended for network managers familiar with network management concepts and terminology.

Typographical Conventions

Convention
    Description
[ ]
    In a command line, square brackets indicate an optional entry. For example: [copy filename] means that optionally you can type copy followed by the name of the file.
Notes, Notices, and Cautions

A NOTE indicates important information that helps make better use of the device.
A NOTICE indicates either potential damage to hardware or loss of data and tells how to avoid the problem.
A CAUTION indicates a potential for property damage, personal injury, or death.

Safety Cautions

Use the following safety guidelines to ensure your own personal safety and to help protect your system from potential damage.
Do not push any objects into the openings of the system. Doing so can cause fire or electric shock by shorting out interior components.
Use the product only with approved equipment.
Allow the product to cool before removing covers or touching internal components.
Operate the product only from the type of external power source indicated on the electrical ratings label.
CAUTION: Installing systems in a rack without the front and side stabilizers installed could cause the rack to tip over, potentially resulting in bodily injury under certain circumstances. Therefore, always install the stabilizers before installing components in the rack.

After installing system/components in a rack, never pull more than one component out of the rack on its slide assemblies at one time.
Lithium Battery Precaution

CAUTION: Incorrectly replacing the lithium battery of the Switch may cause the battery to explode. Replace this battery only with the same or equivalent type recommended by the manufacturer. Discard used batteries according to the manufacturer’s instructions.

Protecting Against Electrostatic Discharge

Static electricity can harm delicate components inside the system.
Section 1
Web-based Switch Configuration

Introduction
Logging onto the Web Manager
Web-Based User Interface

Introduction

All software functions of the Switch can be managed, configured, and monitored via the embedded web-based (HTML) interface. Manage the Switch from remote stations anywhere on the network through a standard browser, such as Internet Explorer 5.5 or later, Netscape 8.0 or later, Firefox 2.
Web-based User Interface

The user interface provides access to various Switch configuration and management windows, allows the user to view performance statistics, and permits graphical monitoring of the system status.

Areas of the User Interface

The figure below shows the user interface. Three distinct areas divide the user interface, as described in the table.

Figure 1- 2.
Web Pages

When connecting to the management mode of the Switch with a Web browser, a login screen is displayed. Enter a user name and password to access the Switch's management mode.
NOTE: Be sure to configure the user name and password in the User Accounts window before connecting the Switch to the greater network.
Section 2
Configuration

Device Information
System Information
Serial Port Settings
IP Address
IPv6 Interface Settings
IPv6 Route Table
IPv6 Neighbor Settings
Port Configuration
Static ARP Settings
User Accounts
System Log Configuration
System Severity Settings
DHCP/BOOTP Relay
DHCP Local Relay Settings
DHCP Auto Configuration Settings
MAC Address Aging Time
Web Settings
Telnet Settings
Password Encryption
CLI Paging Settings
Firmware Informat
Device Information

This window contains the main settings for all major functions for the Switch. It appears automatically when you log on to the Switch. To return to the Device Information window after viewing other windows, click the DGS-3200-10/DGS-3200-16/DGS-3200-24 folder.
System Information

The user can enter a System Name, System Location, and System Contact to aid in defining the Switch. To view the following window, click Configuration > System Information:

Figure 2- 2. System Information window

The fields that can be configured are described below:

Parameter
    Description
System Name
    Enter a system name for the Switch, if desired. This name will identify it in the Switch network.
Serial Port Settings

The user can adjust the Baud Rate and the Auto Logout values. To view the following window, click Configuration > Serial Port Settings:

Figure 2- 3. Serial Port Settings window

Baud Rate
    This field specifies the baud rate for the serial port on the Switch. There are four possible baud rates to choose from, 9600, 19200, 38400 and 115200.
NOTE: The Switch’s factory default IP address is 10.90.90.90 with a subnet mask of 255.0.0.0 and a default gateway of 0.0.0.0.

To use the DHCP or BOOTP protocols to assign the Switch an IP address, subnet mask, and default gateway address:

Use the radio button at the top of the window to choose either DHCP or BOOTP. This selects the method by which the Switch is assigned an IP address on the next reboot.
Setting the Switch’s IP Address using the Console Interface

Each Switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The Switch’s default IP address is 10.90.90.90. The default Switch IP address can be changed to meet the specification of your networking address scheme.
To modify an IPv6 Interface Table entry, click the corresponding Edit button. The following window opens:

Figure 2- 6. IPv6 Interface Settings (Edit) window

The IPv6 window is divided into three distinct parts. The following parameters may be configured or viewed at the top of the window:

Parameter
    Description
Interface Name
    The name of the IPv6 interface being modified.
VLAN Name
    Enter the VLAN name of the IPv6 interface.
IPv6 Route Table

The user can configure the Switch’s IPv6 Route Table. To view the following window, click Configuration > IPv6 Route Table:

Figure 2- 7. IPv6 Route Table window

Enter an IPv6 address in the Gateway field and click the Create button.
IPv6 Neighbor Settings

The user can configure the Switch’s IPv6 neighbor settings. The Switch’s current IPv6 neighbor settings will be displayed in the table at the bottom of this window. To view the following window, click Configuration > IPv6 Neighbor Settings:

Figure 2- 8. IPv6 Neighbor Settings window

Enter the Interface Name, Neighbor IPv6 Address, and the Link Layer MAC Address and then click the Add button.
Port Configuration

The Port Configuration folder contains three windows: Port Settings, Port Description, and Port Error Disabled.

Port Settings

To view the following window, click Configuration > Port Configuration > Port Settings:

Figure 2- 9. Port Settings window

To configure switch ports:

1. Choose the port or sequential range of ports using the From Port and To Port drop-down menus.
2.
Address Learning
    Enable or disable MAC address learning for the selected ports. When Enabled, destination and source MAC addresses are automatically listed in the forwarding table. When address learning is Disabled, MAC addresses must be manually entered into the forwarding table. This is sometimes done for reasons of security or efficiency.
Port Error Disabled

The following window will display the information about ports that have had their connection status disabled, for reasons such as storm control or link down status. To view the following window, click Configuration > Port Configuration > Port Error Disabled:

Figure 2- 11. Port Error Disabled window

The following parameters are displayed:

Parameter
    Description
Port
    Displays the port that has been error disabled.
After entering the IP Address and MAC Address of the Static ARP entry, click Apply to implement the new entry. To completely clear the static ARP entries, click the Delete All button. To modify a static ARP entry, click the Edit button located on the right side of the entry in the ARP table at the bottom of the window.
User Accounts

The Switch allows the control of user privileges. To view the following window, click Configuration > User Accounts:

Figure 2- 13. User Accounts window

To add a new user, type in a User Name and New Password and retype the same password in the Confirm New Password field. Choose the level of privilege (Admin or User) from the Access Right drop-down menu.

Figure 2- 14.
Management                                  Admin   User
Configuration                               Yes     Read-only
Network Monitoring                          Yes     Read-only
Community Strings and Trap Stations         Yes     Read-only
Update Firmware and Configuration Files     Yes     No
System Utilities                            Yes     No
Factory Reset                               Yes     No

User Account Management                     Admin   User
Add/Update/Delete User Accounts             Yes     No
View User Accounts                          Yes     No

System Log Configuration

The System Log Configuration folder contains two windows: System Log Settings and
System Log Host

The Switch can send Syslog messages to up to four designated servers using the System Log Server. To view the following window, click Configuration > System Log Configuration > System Log Host:

Figure 2- 16. System Log Host window

The following parameters may be configured or viewed:

Parameter
    Description
Host ID
    Syslog server settings index (1 to 4).
Host IP Address
    The IPv4 address of the Syslog server.
Parameter
    Description
System Severity
    Choose how the alerts are used from the drop-down menu. Select Log to send the alert of the Severity Type configured to the Switch’s log for analysis. Choose Trap to send it to an SNMP agent for analysis, or select All to send the chosen alert type to an SNMP agent and the Switch’s log for analysis.
DHCP Relay Agent Information Option 82 State
    This field can be toggled between Enabled and Disabled using the drop-down menu. It is used to enable or disable the DHCP Relay Agent Information Option 82 on the Switch. The default is Disabled.
    Enabled – When this field is toggled to Enabled, the relay agent will insert and remove DHCP relay information (option 82 field) in messages between DHCP servers and clients.
Implementation of DHCP Relay Agent Information Option 82

The config dhcp_relay option_82 command configures the DHCP relay agent information option 82 setting of the Switch. The formats for the circuit ID sub-option and the remote ID sub-option are as follows:

NOTE: For the circuit ID sub-option of a standalone switch, the module field is always zero.

Circuit ID sub-option format: 1. 2. 3.
DHCP/BOOTP Relay Interface Settings

Users can set up a server, by IP address, for relaying DHCP/BOOTP information to the Switch. The user may enter a previously configured IP interface on the Switch that will be connected directly to the DHCP/BOOTP server using this window. Properly configured settings will be displayed in the DHCP/BOOTP Relay Interface Table at the bottom of the window, once the user clicks the Apply button.
Parameter
    Description
DHCP Local Relay Global State
    Enable or disable the DHCP Local Relay Global State. The default is Disabled.
VLAN Name
    This is the VLAN Name that identifies the VLAN the user wishes to apply the DHCP Local Relay operation.
State
    Enable or disable the Config DHCP Local Relay for VLAN state.
DHCP/BOOTP Local Relay VID List
    This is a list of VLAN IDs the user wishes to apply the DHCP/BOOTP Local Relay operations.
MAC Address Aging Time

Users can configure the MAC Address aging time on the Switch. To view the following window, click Configuration > MAC Address Aging Time:

Figure 2 – 23. MAC Address Aging Time window

Enter a value between 10 and 875 seconds.
Telnet Settings

Users can configure Telnet Settings on the Switch. To view the following window, click Configuration > Telnet Settings:

Figure 2 – 25. Telnet Settings window

The following parameters may be configured or viewed:

Parameter
    Description
Telnet Status
    Telnet configuration is Enabled by default. If you do not want to allow configuration of the system through Telnet choose Disabled.
CLI Paging Settings

Users can stop the scrolling of multiple pages beyond the limits of the console when using the Command Line Interface. To view the following window, click Configuration > CLI Paging Settings:

Figure 2 – 27. CLI Paging Settings window

The following parameter may be configured or viewed:

Parameter
    Description
CLI Paging Status
    Command Line Interface paging stops each page at the end of the console.
Figure 2 – 29. Firmware Information window (DGS-3200-24 model)

The following parameters may be configured or viewed:

Parameter
    Description
ID
    States the image ID number of the firmware in the Switch’s memory. The Switch can store 2 firmware images for use. Image ID 1 will be the default boot-up firmware for the Switch unless otherwise configured by the user.
Version
    States the firmware version.
Power Saving Settings

This window allows the user to implement the Switch’s built-in power saving features. When the Power Saving State is Enabled, a port which has a link down status will be turned off to save power to the Switch. This will not affect the port’s capabilities when the port status is link up.
Dual Configuration Settings

Users can display dual configuration settings on the Switch. The Switch allows two configurations to be stored in its memory and either can be configured as the boot-up configuration for the Switch (the DGS-3200-24 also allows configurations to be stored on an SD-card). The user may select a boot-up configuration for the Switch by clicking the Boot button to select it.
Update Time
    States the specific time the configuration version was downloaded to the Switch.
From
    States the IP address of the origin of the configuration. There are five ways a configuration may be downloaded to the Switch. Boot-up files are denoted by an asterisk (*) next to the file.
    Console – If the IP address has the word Console next to it, it denotes a configuration upgrade through the Console Serial Port (RS-232).
SMTP Settings

SMTP or Simple Mail Transfer Protocol is a function of the Switch that will send switch events to mail recipients based on e-mail addresses entered in the window below. The Switch is to be configured as a client of SMTP while the server is a remote device that will receive messages from the Switch, place the appropriate information into an e-mail and deliver it to recipients configured on the Switch.
Ping Test

Users can Ping either an IPv4 address or an IPv6 address. Ping is a small program that sends ICMP Echo packets to the IP address you specify. The destination node then responds to or “echoes” the packets sent from the Switch. This is very useful to verify connectivity between the Switch and other nodes on the network. To view the following window, click Configuration > Ping Test:

Figure 2 - 34.
SNTP Settings

SNTP or Simple Network Time Protocol is used by the Switch to synchronize the clock of the computer. The SNTP Settings folder contains two windows: Time Settings and TimeZone Settings.

Time Settings

Users can configure the time settings for the Switch. To view the following window, click Configuration > SNTP Settings > Time Settings:

Figure 2 - 35.
Time Zone Settings

Users can configure time zones and Daylight Savings Time settings for SNTP. To view the following window, click Configuration > SNTP Settings > Time Zone Settings:

Figure 2 - 36. Time Zone Settings window

The following parameters can be set:

Parameter
    Description
Daylight Saving Time State
    Use this drop-down menu to enable or disable the DST Settings.
To: Day Of Week
    Enter the day of the week that DST will end.
To: Month
    Enter the month that DST will end.
To: Time In HH:MM
    Enter the time DST will end.

DST Annual Settings – Using annual mode will enable DST seasonal time adjustment. Annual mode requires that the DST beginning and ending date be specified concisely. For example, specify to begin DST on April 3 and end DST on October 14.
MAC Notification Port Settings

Users can set MAC notification for individual ports on the Switch. To view the following window, click Configuration > MAC Notification Settings > MAC Notification Port Settings:

Figure 2 - 38. MAC Notification Port Settings window

To change MAC notification settings for a port or group of ports on the Switch, configure the following parameters.
SNMP Settings

Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) protocol designed specifically for managing and monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices.
SNMP Global State Settings

SNMP global state settings can be enabled or disabled. To view the following window, click Configuration > SNMP Settings > SNMP Global State Settings:

Figure 2 - 39. SNMP Global State Settings window

Click the Apply button to let your change take effect.

SNMP Linkchange Trap Settings

Users can set SNMP linkchange traps.
SNMP View Table

Users can assign views to community strings that define which MIB objects can be accessed by a remote SNMP manager. To view the following window, click Configuration > SNMP Settings > SNMP View Table:

Figure 2 - 41. SNMP View Table window

To delete an existing SNMP View Table entry, click the Delete button corresponding to the entry to delete.
SNMP Group Table

An SNMP Group created with this table maps SNMP users (identified in the SNMP User Table) to the views created in the previous window. To view the following window, click Configuration > SNMP Settings > SNMP Group Table:

Figure 2 - 42. SNMP Group Table window

To delete an existing SNMP Group Table entry, click the Delete button next to the corresponding entry.
To implement your new settings, click Apply.

SNMP User Table

This window displays all of the SNMP Users currently configured on the Switch. To view the following window, click Configuration > SNMP User Table:

Figure 2 - 43. SNMP User Table window

To delete an existing SNMP User Table entry, click the Delete button corresponding to the entry to delete. To display the detailed entry for a given user, click on the View button.
SNMP Community Table

Users can create an SNMP community string to define the relationship between the SNMP manager and an agent. The community string acts like a password to permit access to the agent on the Switch.
SNMP Host Table

Users can set up SNMP trap recipients for IPv4. To view the following window, click Configuration > SNMP Settings > SNMP Host Table:

Figure 2 - 45. SNMP Host Table window

To add a new entry to the Switch’s SNMP Host Table, enter the information at the top of the window and then click the Apply button. To delete an existing SNMP Host Table entry, click the Delete button corresponding to the entry to delete.
SNMP v6Host Table

Users can set up SNMP trap recipients for IPv6. To view the following window, click Configuration > SNMP Settings > SNMP v6Host Table:

Figure 2 - 46. SNMP v6Host Table window

To add a new entry to the Switch’s SNMP v6Host Table, enter the information at the top of the window and then click the Apply button. To delete an existing SNMP v6Host Table entry, click the Delete button corresponding to the entry to delete.
SNMP Engine ID

The Engine ID is a unique identifier used for SNMP V3 implementations on the Switch. To view the following window, click Configuration > SNMP Settings > SNMP Engine ID:

Figure 2 - 47. SNMP Engine ID window

To change the Engine ID, type the new Engine ID value in the space provided.
RMON

Users can enable and disable remote monitoring (RMON) status for the SNMP function on the Switch. In addition, RMON Rising and Falling Alarm Traps can be enabled and disabled. To view the following window, click Configuration > SNMP Settings > RMON:

Figure 2 - 49. RMON window

To enable or disable RMON for SNMP, use the radio buttons. Click Apply when finished.
There are three classifications for switches using SIM: the Commander Switch (CS), which is the master switch of the group; the Member Switch (MS), which is a switch that is recognized by the CS as a member of a SIM group; and the Candidate Switch (CaS), which is a Switch that has a physical link to the SIM group but has not been recognized by the CS as a member of the SIM group. A SIM group can only have one Commander Switch (CS).
When a CaS becomes a MS, it automatically becomes a member of the first SNMP community (including read/write and read only) to which the CS belongs. However, if a MS has its own IP address, it can belong to SNMP communities to which other switches in the group, including the CS, do not belong.

Upgrade to v1.61

To better improve SIM management, the DGS-3200 Series switches have been upgraded to version 1.61 in this release.
Figure 2 - 52. Single IP Settings window for Candidate (Enabled)

Parameter
    Description
SIM State
    Use the drop-down menu to either enable or disable the SIM state on the Switch. Disabled will render all SIM functions on the Switch inoperable.
Trap
    Use the drop-down menu to either enable or disable a trap. This is designed to control the sending of traps issued from a member switch.
Topology

This window will be used to configure and manage the Switch within the SIM group and requires Java script to function properly on your computer. The Java Runtime Environment on your server should initiate and lead you to the Topology window, as seen below.

Figure 2 - 54.
Figure 2 - 55. Topology View window

This window will display how the devices within the Single IP Management Group connect to other groups and devices. Possible icons on this window are as follows:

Icon Description
Group
Layer 2 commander switch
Layer 3 commander switch
Commander switch of other group
Layer 2 member switch.
Tool Tips

In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does. See the window below for an example.

Figure 2 - 56.
Group Icon

Figure 2 - 58. Right-Clicking a Group Icon

The following options may appear for the user to configure:

Collapse – To collapse the group that will be represented by a single icon.
Expand – To expand the SIM group, in detail.
Property – To pop up a window to display the group information.

Figure 2 - 59.
Commander Switch Icon

Figure 2 - 60. Right-Clicking a Commander Icon

The following options may appear for the user to configure:

Collapse – To collapse the group that will be represented by a single icon.
Expand – To expand the SIM group, in detail.
Property – To pop up a window to display the group information.

Member Switch Icon

Figure 2 - 61.
Add to group – Add a candidate to a group. Clicking this option will reveal the following dialog box for the user to enter a password for authentication from the Candidate Switch before being added to the SIM group. Click OK to enter the password or Cancel to exit the dialog box.

Figure 2 - 63. Input password dialog box

Property – To pop up a window to display the device information.
Firmware Upgrade

The Commander Switch may be used for firmware upgrades of member switches. Member Switches will be listed in the table and will be specified by Port (port on the CS where the MS resides), MAC Address, Model Name and Version. To specify a certain Switch for firmware download, click its corresponding check box under the Port heading.
SD Card FS Settings

Users can plug an SD flash card into a front slot on the DGS-3200-24 (DGS-3200-10 and DGS-3200-16 do not support this feature).
Format
    If you have inserted a new SD Flash card this button will appear. Click this button to format the new SD Flash card.
Copy to
    Click this button to copy a file to another location.
Move to
    Click this button to move a file to another location.
Rename
    Click this button to rename the corresponding file or folder.
Delete
    Click this button to delete the corresponding file or folder.
Section 3
L2 Features

Jumbo Frame
Egress Filter Settings
802.1Q VLAN
Private VLAN Settings
802.
Egress Filter Settings

Users can configure an egress filter on specific ports for unknown unicast and unregistered multicast packets. The Switch drops all unknown unicast/multicast packets on egress ports when it detects unknown unicast/multicast packets for egress ports. Therefore, a user can select which port is permitted or not permitted to receive unknown unicast/multicast packets.
VLAN Description
A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLANs can be used to combine any collection of LAN segments into an autonomous user group that appears as a single LAN. VLANs also logically segment the network into different broadcast domains so that packets are forwarded only between ports within the VLAN.
Forwarding rules between ports – decides whether to filter or forward the packet.
Egress rules – determines if the packet must be sent tagged or untagged.
Figure 3 - 3. IEEE 802.1Q Packet Forwarding
802.1Q VLAN Tags
The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the EtherType field.
Figure 3 - 4. IEEE 802.1Q Tag
The EtherType and VLAN ID are inserted after the MAC source address, but before the original EtherType/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC) must be recalculated.
Figure 3 - 5. Adding an IEEE 802.1Q Tag
Port VLAN ID
Packets that are tagged (are carrying the 802.1Q VID information) can be transmitted from one 802.
Tagged packets are forwarded according to the VID contained within the tag. Tagged packets are also assigned a PVID, but the PVID is not used to make packet-forwarding decisions, the VID is. Tag-aware switches must keep a table to relate PVIDs within the Switch to VIDs on the network. The Switch will compare the VID of a packet to be transmitted to the VID of the port that is to transmit the packet.
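The tag handling described above can be followed byte by byte in the Python sketch below, which is an added example and not code from the manual or from D-Link. It parses the four tag octets, inserts and removes a tag while recomputing the CRC, and picks the VID used for forwarding. The 3-bit priority / 1-bit CFI / 12-bit VID split of the tag, the use of the PVID for untagged and priority-tagged (VID 0) frames, and the sample frame are assumptions taken from the IEEE 802.1Q standard or constructed for illustration.

```python
import struct
import zlib

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def fcs(frame_without_fcs: bytes) -> bytes:
    """Ethernet CRC-32 frame check sequence, least significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def fcs_ok(frame: bytes) -> bool:
    """True if the last four bytes are a valid CRC over the rest of the frame."""
    return len(frame) >= 18 and fcs(frame[:-4]) == frame[-4:]


def parse_tag(frame: bytes):
    """Return (priority, cfi, vid) for a tagged frame, or None if untagged."""
    if len(frame) < 18:
        raise ValueError("frame too short for an Ethernet header and FCS")
    (ether_type,) = struct.unpack_from("!H", frame, 12)  # right after source MAC
    if ether_type != TPID_8021Q:
        return None
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci >> 13, (tci >> 12) & 1, tci & 0x0FFF


def add_tag(frame: bytes, vid: int, priority: int = 0) -> bytes:
    """Insert the four tag octets after the source MAC and recompute the CRC."""
    if not 1 <= vid <= 4094:
        raise ValueError("VID must be 1-4094")
    if not 0 <= priority <= 7:
        raise ValueError("802.1p priority must be 0-7")
    if not fcs_ok(frame):
        raise ValueError("refusing to tag a frame with a bad CRC")
    if parse_tag(frame) is not None:
        raise ValueError("frame is already tagged")
    body = frame[:-4]
    tag = struct.pack("!HH", TPID_8021Q, (priority << 13) | vid)
    tagged = body[:12] + tag + body[12:]
    return tagged + fcs(tagged)  # the frame grew by 4 bytes, so the old CRC is stale


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag and recompute the CRC (minimum-size padding not modelled)."""
    if parse_tag(frame) is None:
        return frame
    body = frame[:-4]
    untagged = body[:12] + body[16:]
    return untagged + fcs(untagged)


def forwarding_vid(frame: bytes, pvid: int) -> int:
    """VID used for the forwarding decision on an ingress port with this PVID."""
    tag = parse_tag(frame)
    if tag is None or tag[2] == 0:  # untagged or priority-tagged: use the PVID
        return pvid
    return tag[2]                   # tagged: the VID in the tag decides


def egress_frame(frame: bytes, ingress_pvid: int, port_is_tagged: bool) -> bytes:
    """Egress rule: send tagged on tagged ports, untagged on untagged ports."""
    vid = forwarding_vid(frame, ingress_pvid)
    if not port_is_tagged:
        return strip_tag(frame)
    tag = parse_tag(frame)
    if tag is None:
        return add_tag(frame, vid)
    if tag[2] == 0:  # priority-tagged: keep the priority, fill in the VID
        return add_tag(strip_tag(frame), vid, tag[0])
    return frame


def sample_untagged_frame() -> bytes:
    """Constructed 64-byte IPv4 frame (addresses and payload are made up)."""
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("001122334455")
    body = dst + src + struct.pack("!H", 0x0800) + bytes(46)
    return body + fcs(body)
```

A capture tool that shows a tagged frame with a CRC that fails `fcs_ok` points at a device that inserted or removed the tag without recalculating the check.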
An example is presented below:
VLAN Name          VID   Switch Ports
System (default)   1     5, 6, 7
Engineering        2     9, 10
Sales              5     1, 2, 3, 4
Table 3 - 1. VLAN Example – Assigned Ports
Port-based VLANs
Port-based VLANs limit traffic that flows into and out of switch ports.
To view the following window, click L2 Features > 802.1Q VLAN:
Figure 3 - 6. VLAN List tab of the 802.1Q VLAN window
The VLAN List tab lists all previously configured VLANs by VLAN ID and VLAN Name. To delete an existing 802.1Q VLAN, click the corresponding Delete button. To create a new 802.1Q VLAN or modify an existing 802.1Q VLAN, click the Add/Edit VLAN tab.
VLAN Name – Allows the entry of a name for the new VLAN or for editing the VLAN name in the Add/Edit VLAN tab.
Advertisement – Enabling this function will allow the Switch to send out GVRP packets to outside sources, notifying that they may join the existing VLAN.
Port – Shows all ports of the Switch for the 802.1Q configuration option.
Tagged – Specifies the port as 802.1Q tagging. Clicking the radio button will designate the port as tagged.
Figure 3 - 9. VLAN Batch Settings tab of the 802.1Q VLAN window
The following fields can be set in the VLAN Batch Settings windows:
Parameter – Description
VID List (e.g. 2-5) – Enter a VLAN ID List that can be added, deleted or configured.
Advertisement – Enabling this function will allow the Switch to send out GVRP packets to outside sources, notifying that they may join the existing VLAN.
Port List (e.g.
Private VLAN Settings
The Switch allows users to create private VLANs. Private VLANs divide the Layer 2 broadcast domain of a VLAN into subdomains and are particularly useful for service providers who need to assign a unique VLAN to each of their customers. Each subdomain is made up of several pairs of private VLANs, with each private VLAN pair consisting of a primary and secondary VLAN.
To view the following window, click L2 Features > Private VLAN Settings:
Figure 3 - 11. Private VLAN Settings window
Creating a new Private VLAN:
Configure the following parameters in the Add Private VLAN section to create a new Private VLAN:
Parameter – Description
VLAN Name – Click the VLAN Name radio button and type the name of the private VLAN.
If a Private VLAN matches the search criteria, the Private VLAN will appear in the list at the bottom of the window. The following information is displayed in the Private VLAN list at the bottom of the window:
Parameter – Description
VID – Displays the ID of the Private VLAN.
VLAN Name – Displays the name of the Private VLAN.
Editing an existing Private VLAN:
In the Private VLAN list, click the Edit button next to the Private VLAN you want to modify. The following window opens:
Figure 3 - 13. Private VLAN Settings (Edit) window
The window is divided into two main sections, Private VLAN Settings and Private VLAN Isolated and Community Detail Table.
Community VLAN – Displays the VLAN ID or VLAN name of any VLANs that have been configured as Community VLANs.
Community Ports – Displays the port numbers of any VLANs that have been configured as Community VLANs.
Deleting a Private Isolated VLAN entry:
Click the Delete button next to the Private Isolated VLAN entry you want to delete.
802.1v Protocol VLAN
The 802.1v Protocol VLAN folder contains two windows: 802.1v Protocol Group Settings and 802.1v Protocol VLAN Settings.
802.1v Protocol Group Settings
Users can create Protocol VLAN groups and add protocols to that group. The 802.1v Protocol VLAN Group Settings support multiple VLANs for each protocol and allow the user to configure the untagged ports of different protocols on the same physical port.
802.1v Protocol VLAN Settings
Users can configure Protocol VLAN settings. The lower half of the table displays any previously created settings.
To view the following window, click L2 Features > 802.1v Protocol VLAN > 802.1v Protocol VLAN Settings:
Figure 3 - 15. 802.
MAC-based VLAN Settings
Users can create new MAC-based VLAN entries and search, edit, and delete existing entries. When an entry is created for a port, the port will automatically become the untagged member port of the specified VLAN. When a static MAC-based VLAN entry is created for a user, the traffic from this user will be able to be serviced under the specified VLAN regardless of the authentication function operating on this port.
The following fields can be set:
Parameter – Description
From Port – This drop-down menu allows the selection of the beginning port for a range of ports that will be included in the Port-based VLAN.
To Port – This drop-down menu allows the selection of the ending port for a range of ports that will be included in the Port-based VLAN.
PVID – This field is used to manually assign a PVID to a VLAN.
Port Trunking
Understanding Port Trunk Groups
Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. Another advantage of implementing port trunk groups is redundancy, as if one of the ports or links fails in the port trunk group, the network connection to the remote Switch will be maintained.
The Switch treats all ports in a trunk group as a single port. Data transmitted to a specific host (destination address) will always be transmitted over the same port in a trunk group. This allows packets in a data stream to arrive in the same order they were sent.
The user-changeable parameters are as follows:
Parameter – Description
Algorithm – Toggle between MAC Source Dest and IP Source Dest.
Group ID – Select an ID number for the group, between 1 and 5 for the DGS-3200-10, between 1 and 8 for the DGS-3200-16, and between 1 and 12 for the DGS-3200-24.
Type – This drop-down menu allows users to select between Static and LACP (Link Aggregation Control Protocol).
VLAN Trunk Settings
Enable VLAN on a port to allow frames belonging to unknown VLAN groups to pass through that port. This is useful if you want to set up VLAN groups on end devices without having to configure the same VLAN groups on intermediary devices.
Refer to the following figure for an illustrated example. Suppose you want to create VLAN groups 1 and 2 (V1 and V2) on devices A and B.
LACP Port Settings
In conjunction with the Trunking window, users can create port trunking groups on the Switch. Using the following window, the user may set which ports will be active and passive in processing and sending LACP control frames.
To view the following window, click L2 Features > LACP Port Settings:
Figure 3 - 23.
Traffic Segmentation
Traffic segmentation is used to limit traffic flow from a single port or a group of ports to a group of ports. This method of segmenting the flow of traffic is similar to using VLANs to limit traffic, but is more restrictive. It provides a method of directing traffic that does not increase the overhead of the Master switch CPU.
To view the following window, click L2 Features > Traffic Segmentation:
Figure 3 - 24.
To enable IGMP Snooping globally on the Switch:
Click the Enabled radio button.
Click the Apply button to apply the IGMP Snooping setting.
The following parameters may be viewed in the IGMP Snooping Settings window:
Parameter – Description
VID (VLAN ID) – This is the VLAN ID that, along with the VLAN Name, identifies the VLAN the user wishes to modify the IGMP Snooping Settings for.
Editing the IGMP Snooping parameters for a VLAN:
Click the Edit button next to the VLAN you want to edit. The following window appears:
Figure 3 - 26. IGMP Snooping Parameters Settings window
The IGMP Snooping Parameters Settings window is divided into two sections.
Router Timeout (1-16711450 sec) – This specifies the time-out for dynamically learned router ports. Default = 260.
Leave Timer (1-16711450 sec) – This specifies the maximum amount of time in seconds between the Switch receiving a leave group message from a host, and the Switch issuing a group membership query.
Data Driven Learning Settings
The Switch allows you to implement data driven learning for IGMP snooping groups. If data-driven learning, also known as dynamic IP multicast learning, is enabled for a VLAN, when the Switch receives IP multicast traffic on the VLAN, an IGMP snooping group is created. Learning of an entry is not activated by IGMP membership registration, but activated by the traffic.
ISM VLAN Settings
In a switching environment, multiple VLANs may exist. Every time a multicast query passes through the Switch, the switch must forward separate copies of the data to each VLAN on the system, which, in turn, increases data traffic and may clog up the traffic path. To lighten the traffic load, multicast VLANs may be incorporated.
Member Port (e.g.: 1-4, 6) – Enter a port or list of ports to be added to the Multicast VLAN. Member ports shall be the untagged members of the multicast VLAN.
Tagged Member Port – Enter a port or list of ports that will become tagged members of the Multicast VLAN.
VID (2-4094) – Add the corresponding VLAN ID of the Multicast VLAN. Users may enter a value between 2 and 4094.
When you have finished configuring the previous parameters, click the Add button to add the new ISM VLAN. The new ISM VLAN will appear in the list at the bottom of the window, as shown below:
Figure 3 - 29. ISM VLAN Settings window
Editing an existing ISM VLAN Setting entry:
1. Click the Edit button next to the ISM VLAN you want to edit.
2.
Editing an existing ISM VLAN Group List Setting:
1. Click the Group List link next to the ISM VLAN you want to edit.
2. The following window opens:
Figure 3 - 30. ISM VLAN Group List Settings window
3. Type in a name to identify the new profile in the Profile Name field.
4. Click the Add button to add the new profile.
Returning to the ISM VLAN window:
Click the Show ISM VLAN Entries link to return to the ISM VLAN window.
Editing an existing ISM VLAN Group List Setting:
1. Click the Group List link next to the ISM Profile you want to edit.
2. The following window opens:
Figure 3 - 32. ISM VLAN Settings window
3. Type in the Multicast address range you want to add to the ISM Profile in the Multicast Address List field.
4. Click the Add button to add the Multicast Address List to the ISM profile.
Figure 3 - 34. Multicast Address Group List Settings window
Enter the multicast IP address list, starting with the lowest in the range, and then click Add. To return to the IP Multicast Profile Settings window, click the <
To configure the Multicast Address Filtering function on a port for a specific Profile, configure the parameters in the center of the window as described below:
Parameter – Description
From / To – Use the drop-down menus to specify the range of ports that need to have the multicast address filtering function added/removed.
MLD Control Messages
Three types of messages are transferred between devices using MLD snooping. These three messages are all defined by four ICMPv6 packet headers, labeled 130, 131, 132, and 143.
1. Multicast Listener Query – Similar to the IGMPv2 Host Membership Query for IPv4, and labeled as 130 in the ICMPv6 packet header, this message is sent by the router to ask if any link is requesting multicast data.
State – Used to enable or disable MLD snooping for the specified VLAN. This field is Disabled by default.
To configure a specific VLAN for MLD Snooping, click the VLAN’s corresponding Edit button. The following window appears:
Figure 3 - 38.
Last Listener Query Interval (1-25 Sec) – Use this parameter to specify the maximum amount of time between group-specific query messages, including those sent in response to done-group messages. You might lower this interval to reduce the amount of time it takes a router to detect the loss of the last listener of a group. Default: 1 second.
Port Mirroring
The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port. This is useful for network monitoring and troubleshooting purposes.
To view the following window, click L2 Features > Port Mirroring:
Figure 3 - 39.
Loopback Detection Settings
The Loopback Detection function is used to detect the loop created by a specific port. This feature is used to temporarily shut down a port on the Switch when a CTP (Configuration Testing Protocol) packet has been looped back to the Switch. When the Switch detects CTP packets received from a port or a VLAN, this signifies a loop on the network.
Trap Status – Set the desired trap status: None, Loop Detected, Loop Cleared, or Both.
Interval (1-32767) – Set a Loopdetect Interval between 1 and 32767 seconds. The default is 10 seconds.
Recover Time (0 or 60-1000000) – Time allowed (in seconds) for recovery when a Loopback is detected. The Loopdetect Recover Time can be set at 0 seconds, or 60 to 1000000 seconds. Entering 0 will disable the Loopdetect Recover Time. The default is 60 seconds.
802.1D-2004 Rapid Spanning Tree
The Switch implements three versions of the Spanning Tree Protocol, the Multiple Spanning Tree Protocol (MSTP) as defined by the IEEE 802.1Q-2005, the Rapid Spanning Tree Protocol (RSTP) as defined by the IEEE 802.1D-2004 specification and a version compatible with the IEEE 802.1D-1998 STP. RSTP can operate with legacy equipment implementing IEEE 802.
The Spanning Tree Protocol (STP) operates on two levels:
1. On the switch level, the settings are globally implemented.
2. On the port level, the settings are implemented on a per user-defined group of ports basis.
STP Bridge Global Settings
Use the STP Status radio buttons to enable or disable STP globally, and use the STP Version drop-down menu to choose the STP method.
To view the following windows, click L2 Features > Spanning Tree > STP Bridge Global Settings:
Figure 3 - 42. STP Bridge Global Settings window – RSTP (default)
Figure 3 - 43. STP Bridge Global Settings window – MSTP
Figure 3 - 44.
See the table below for descriptions of the STP versions and corresponding setting options.
NOTE: The Bridge Hello Time cannot be longer than the Bridge Max Age. Otherwise, a configuration error will occur.
STP Port Settings
STP can be set up on a per-port basis.
To view the following window, click L2 Features > Spanning Tree > STP Port Settings:
Figure 3 - 45. STP Port Settings window
It is advisable to define an STP Group to correspond to a VLAN group of ports.
The following STP Port Settings fields can be set:
Parameter – Description
From Port – The beginning port in a consecutive group of ports to be configured.
Forward BPDU – Use the drop-down menu to enable or disable the flooding of BPDU packets when STP is disabled.
Edge – Choosing the True parameter designates the port as an edge port. Edge ports cannot create loops, however an edge port can lose edge port status if a topology change creates a potential for a loop. An edge port normally should not receive BPDU packets. If a BPDU packet is received, it automatically loses edge port status.
STP Instance Settings
This window displays MSTIs currently set on the Switch and allows users to change the Priority of the MSTIs.
To view the following window, click L2 Features > Spanning Tree > STP Instance Settings:
Figure 3 - 47. STP Instance Settings window
To modify an entry on the table at the top of the window, click the corresponding Edit button.
MSTP Port Information
This window displays the current MSTI configuration information and can be used to update the port configuration for an MSTI ID. If a loop occurs, the MSTP function will use the port priority to select an interface to put into the forwarding state. Set a higher priority value for interfaces to be selected for forwarding first.
Forwarding & Filtering
The Forwarding & Filtering folder contains three windows: Unicast Forwarding, Multicast Forwarding, and Multicast Filtering Mode.
Unicast Forwarding
Users can set up unicast forwarding on the Switch.
To view the following window, click L2 Features > Forwarding & Filtering > Unicast Forwarding:
Figure 3 - 49.
Parameter – Description
VID – The VLAN ID of the VLAN the corresponding MAC address belongs to.
Multicast MAC Address – The static destination MAC address of the multicast packets. This must be a multicast MAC address.
Port – Allows the selection of ports that will be members of the static multicast group and ports that are either forbidden from joining dynamically, or that can join the multicast group dynamically, using GMRP.
Section 4
QoS
Bandwidth Control
Traffic Control
802.1p Default Priority
802.1p User Priority
QoS Scheduling Mechanism
QoS is an implementation of the IEEE 802.
see if it has the proper identifying tag. Then the user may forward these tagged packets to designated classes of service on the Switch where they will be emptied, based on priority.
For example, let’s say a user wishes to have a video conference between two remotely set computers. The administrator can add priority tags to the video packets being sent out, utilizing the Access Profile commands.
Bandwidth Control
The bandwidth control settings are used to place a ceiling on the transmitting and receiving data rates for any selected port.
To view the following window, click QoS > Bandwidth Control:
Figure 4 - 2. Bandwidth Control window
The following parameters can be set or are displayed:
Parameter – Description
From Port – The beginning port of a consecutive group of ports to be configured.
Traffic Control
On a computer network, packets such as Multicast packets and Broadcast packets continually flood the network as normal procedure. At times, this traffic may increase due to a malicious endstation on the network or a malfunctioning device, such as a faulty network card. Thus, switch throughput problems will arise and consequently affect the overall performance of the switch network.
Shutdown – Utilizes the Switch’s software Traffic Control mechanism to determine the Packet Storm occurring. Once detected, the port will deny all incoming traffic to the port except STP BPDU packets, which are essential in keeping the Spanning Tree operational on the Switch.
802.1p Default Priority
The Switch allows the assignment of a default 802.1p priority to each port on the Switch.
To view the following window, click QoS > 802.1p Default Priority:
Figure 4 - 4. 802.1p Default Priority window
This page allows the user to assign a default 802.1p priority to any given port on the Switch. The priority and effective priority tags are numbered from 0, the lowest priority, to 7, the highest priority.
QoS Scheduling Mechanism
The Scheduling Mechanism drop-down menu allows a selection between a Weight Fair and a Strict mechanism for emptying the priority classes.
To view the following window, click QoS > QoS Scheduling Mechanism:
Figure 4 - 6. QoS Scheduling Mechanism window
The QoS Scheduling Mechanism window has the following parameters.
Section 5
Security
Safeguard Engine
Trusted Host
IP-MAC-Port Binding (IMPB)
Port Security
DHCP Server Screening
Guest VLAN
802.
Figure 5 - 1. Safeguard Engine example
For every consecutive checking interval that reveals a packet flooding issue, the Switch will double the time it will discard ingress ARP and IP broadcast packets and packets from untrusted IP addresses. In the example above, the Switch doubled the time for dropping ARP and IP broadcast packets when consecutive flooding issues were detected at 5-second intervals.
Parameter – Description
Safeguard Engine State – Use the radio button to globally enable or disable Safeguard Engine settings for the Switch.
Rising Threshold (20% - 100%) – Used to configure the acceptable level of CPU utilization before the Safeguard Engine mechanism is enabled. Once the CPU utilization reaches this percentage level, the Switch will move into Exhausted mode, based on the parameters provided in this window.
IP-MAC-Port Binding (IMPB)
General Overview
The DGS-3200 Series switches offer IP-MAC-Port Binding (IMPB), a D-Link security application used most often on edge switches directly connected to network hosts. IMPB is also an integral part of D-Link’s End-to-End Security Solution (E2ES).
ACL Mode
In ACL Mode, a switch performs IP Packet Inspection in addition to ARP Packet Inspection. Essentially, ACL rules will be used to permit statically configured IMPB entries and deny other IP packets with the incorrect IP-MAC pairs. The distinct advantage of ACL Mode is that it ensures better security by checking both ARP Packets and IP Packets. However, doing so requires the use of ACL rules.
IMPB Global Settings
Users can enable or disable the global IMPB settings: Trap Log State and DHCP Snoop state, on the Switch. The Trap/Log field will enable and disable the sending of trap log messages for IP-MAC binding. When enabled, the Switch will send a trap message to the SNMP agent and the Switch log when an ARP packet is received that doesn’t match the IP-MAC binding configuration set on the Switch.
IMPB Port Settings
Users can configure IMPB settings on a port basis. Select a port or a range of ports with the From Port and To Port fields. Enable or disable the port with Strict or Loose State, enable or disable Allow Zero IP and Forward DHCP Packet fields, and configure the port’s Max IMPB entry.
To view this window, click Security > IP-MAC-Port Binding (IMPB) > IMPB Port Settings, as shown below:
Figure 5 - 7.
The following fields can be set or modified:
Parameter – Description
From Port/To Port – Select a range of ports to set for IP-MAC-port binding.
State – Use the drop-down menu to enable or disable these ports for IP-MAC Binding.
Enabled (Strict) – This state provides a stricter method of control. If the user selects this mode, all packets are blocked by the Switch by default.
Max Entry (1-50) – Enter the maximum number of DHCP Snooping entries that can be learned on the ports specified in the From Port / To Port drop-down menus. To specify that there should be no limit on the number of DHCP Snooping entries that can be learnt on the ports, tick the No Limit checkbox.
Click Apply to implement the settings made.
IMPB Entry Settings
This table, also known as the “IMPB white list.
DHCP Snooping Entries
This table is used to view DHCP snooping entries on specific ports.
To view the following window, click Security > IP-MAC-Port Binding (IMPB) > DHCP Snooping Entries:
Figure 5 - 9. DHCP Snooping Entries window
The following fields can be set or modified:
Parameter – Description
Port – Use the drop-down menu to select the desired port.
Ports (e.g.: 1, 7-12) – Specify the ports for which to view DHCP snooping entries.
MAC Block List
This table is used to view unauthorized devices that have been blocked by IP-MAC binding restrictions. To find an unauthorized device MAC address that has been blocked by the IP-MAC binding restrictions, enter the VID and MAC Address in the appropriate fields and click Find. To view all entries, click the View All button. To delete an entry, click the Delete button next to the entry’s port.
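The ARP inspection that ties together the IMPB white list, the Trap/Log setting and the MAC Block List can be modelled as below; this is an added Python example, not D-Link firmware logic or code from the manual. The comparison of the frame's source MAC with the ARP sender MAC and the behaviour given to Allow Zero IP (passing ARP packets whose sender IP is 0.0.0.0) are assumptions, and all addresses and frames are constructed.

```python
import socket
import struct

ETHERTYPE_ARP = 0x0806


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_arp(frame: bytes):
    """Return (frame_src_mac, sender_mac, sender_ip) for IPv4-over-Ethernet ARP, else None."""
    if len(frame) < 42 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen = struct.unpack_from("!HHBB", frame, 14)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    # ARP body starts at offset 14: sender MAC at 22-27, sender IP at 28-31.
    return _mac(frame[6:12]), _mac(frame[22:28]), socket.inet_ntoa(frame[28:32])


class ImpbArpInspector:
    """Checks ARP packets against a white list of (ip, mac, port) entries."""

    def __init__(self, white_list, trap_log=True, allow_zero_ip=False):
        self.white_list = {(ip, mac.lower(), port) for ip, mac, port in white_list}
        self.trap_log = trap_log            # models the Trap/Log setting
        self.allow_zero_ip = allow_zero_ip  # assumed meaning: pass sender IP 0.0.0.0
        self.block_list = set()             # (port, mac) pairs that failed inspection
        self.log = []

    def inspect(self, port: int, frame: bytes) -> str:
        parsed = parse_arp(frame)
        if parsed is None:
            return "not-arp"
        frame_src, sender_mac, sender_ip = parsed
        if sender_ip == "0.0.0.0" and self.allow_zero_ip:
            return "forward"
        if frame_src != sender_mac:
            # Extra consistency check added for this example, not taken from the manual.
            reason = "frame source MAC differs from ARP sender MAC"
        elif (sender_ip, sender_mac, port) not in self.white_list:
            reason = "no IP-MAC-port entry matches"
        else:
            return "forward"
        self.block_list.add((port, frame_src))
        if self.trap_log:
            self.log.append(
                f"port {port}: ARP {sender_ip} is-at {sender_mac} dropped ({reason})"
            )
        return "drop"


def build_arp(sender_mac: str, sender_ip: str, target_ip: str, frame_src: str = None) -> bytes:
    """Constructed ARP request used as sample input (not a capture)."""
    sha = bytes.fromhex(sender_mac.replace(":", ""))
    src = bytes.fromhex((frame_src or sender_mac).replace(":", ""))
    eth = b"\xff" * 6 + src + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += sha + socket.inet_aton(sender_ip) + bytes(6) + socket.inet_aton(target_ip)
    return eth + arp


if __name__ == "__main__":
    inspector = ImpbArpInspector([("192.0.2.10", "00:11:22:33:44:55", 3)])
    spoofed = build_arp("66:77:88:99:aa:bb", "192.0.2.10", "192.0.2.1")
    print(inspector.inspect(3, spoofed), inspector.log)
```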
Port Security
The Port Security folder contains two windows: Port Security Settings and Port Lock Entries.
Port Security Settings
A given port’s (or a range of ports') dynamic MAC address learning can be locked such that the current source MAC addresses entered into the MAC address forwarding table cannot be changed once the port lock is enabled.
Port Lock Entries
Users can remove an entry from the port security entries learned by the Switch and entered into the forwarding database.
To view the following window, click Security > Port Security > Port Lock Entries:
Figure 5 - 12.
DHCP Server Screening
The DHCP Server Screening folder contains two windows: DHCP Screening Port Settings and DHCP Offer Filtering.
DHCP Screening Port Settings
The Switch supports DHCP Server Screening, a feature that denies access to rogue DHCP servers. When the DHCP server filter function is enabled, all DHCP server packets will be filtered from a specific port.
DHCP Offer Filtering
This function allows the user to not only restrict all DHCP Server packets but also to receive any specified DHCP server packet by any specified DHCP client. It is useful when one or more DHCP servers are present on the network and both provide DHCP services to different distinct groups of clients.
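The screening decision described in the two sections above (drop every DHCP server packet on a screened port unless it comes from a specified server for a specified client) is shown below as an added Python example; it is not D-Link's implementation or code from the manual. Identifying a server packet by UDP source port 67 with a BOOTP reply opcode, the permit entry shape (server IP, client MAC, port), and the constructed sample packets with unverified zero checksums are assumptions.

```python
import socket
import struct


def parse_dhcp_server_packet(frame: bytes):
    """Return (server_ip, client_mac) if the frame is a DHCP server message, else None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14] >> 4 != 4 or ihl < 20 or frame[23] != 17:  # IPv4 carrying UDP
        return None
    if struct.unpack_from("!H", frame, 20)[0] & 0x1FFF:
        return None  # later IP fragment: no UDP header to inspect
    udp = 14 + ihl
    bootp = udp + 8
    if len(frame) < bootp + 34:  # need the BOOTP header through the client MAC
        return None
    src_port = struct.unpack_from("!H", frame, udp)[0]
    if src_port != 67 or frame[bootp] != 2:  # server port and BOOTREPLY opcode
        return None
    server_ip = socket.inet_ntoa(frame[26:30])  # IP source address
    client_mac = ":".join(f"{b:02x}" for b in frame[bootp + 28:bootp + 34])
    return server_ip, client_mac


class DhcpServerScreen:
    """Per-port DHCP server filter with explicit (server, client, port) permits."""

    def __init__(self, screened_ports, permits=()):
        self.screened_ports = set(screened_ports)
        self.permits = {(ip, mac.lower(), port) for ip, mac, port in permits}
        self.dropped = []  # (port, server_ip, client_mac) for review

    def decide(self, port: int, frame: bytes) -> str:
        msg = parse_dhcp_server_packet(frame)
        if msg is None or port not in self.screened_ports:
            return "forward"  # not a server packet, or screening is off on this port
        server_ip, client_mac = msg
        if (server_ip, client_mac, port) in self.permits:
            return "forward"
        self.dropped.append((port, server_ip, client_mac))
        return "drop"


def build_dhcp_offer(server_ip: str, client_mac: str, src_port: int = 67) -> bytes:
    """Constructed DHCPOFFER frame used as sample input (checksums left at zero)."""
    chaddr = bytes.fromhex(client_mac.replace(":", "")) + bytes(10)
    bootp = struct.pack("!BBBBIHH", 2, 1, 6, 0, 0x12345678, 0, 0x8000)
    bootp += socket.inet_aton("0.0.0.0") + socket.inet_aton("192.0.2.100")  # ciaddr, yiaddr
    bootp += socket.inet_aton(server_ip) + socket.inet_aton("0.0.0.0")      # siaddr, giaddr
    bootp += chaddr + bytes(64 + 128) + bytes.fromhex("63825363") + bytes([53, 1, 2, 255])
    udp = struct.pack("!HHHH", src_port, 68, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0)
    ip += socket.inet_aton(server_ip) + socket.inet_aton("255.255.255.255")
    eth = b"\xff" * 6 + bytes.fromhex("02aabbccdd01") + struct.pack("!H", 0x0800)
    return eth + ip + udp


if __name__ == "__main__":
    screen = DhcpServerScreen({1, 2, 3}, [("192.0.2.1", "00:11:22:33:44:55", 1)])
    rogue = build_dhcp_offer("192.0.2.66", "00:11:22:33:44:55")
    print(screen.decide(1, rogue), screen.dropped)
```

Leaving the uplink toward the legitimate server out of `screened_ports` mirrors enabling the filter only on access ports.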
Guest VLAN
On 802.1X security-enabled networks, there is a need for non 802.1X supported devices to gain limited access to the network, due to lack of the proper 802.1X software or incompatible devices, such as computers running Windows 98 or older operating systems, or the need for guests to gain access to the network without full authorization or local authentication on the Switch.
802.1X (Port-based and Host-based Access Control)
The IEEE 802.1X standard is a security measure for authorizing and authenticating users to gain access to various wired or wireless devices on a specified Local Area Network by using a Client and Server based access control model.
Authentication Server
The Authentication Server is a remote device that is connected to the same network as the Client and Authenticator, must be running a RADIUS Server program and must be configured properly on the Authenticator (Switch). Clients connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN.
Client The Client is simply the end station that wishes to gain access to the LAN or switch services. All end stations must be running software that is compliant with the 802.1X protocol. For users running Windows XP and Windows Vista, that software is included within the operating system. All other users are required to obtain 802.1X client software from an outside source.
Understanding 802.1X Port-based and Host-based Network Access Control The original intent behind the development of 802.1X was to leverage the characteristics of point-to-point in LANs. As any single LAN segment in such infrastructures has no more than two devices attached to it, one of which is a Bridge Port.
Host-based Network Access Control [Figure 5 - 24. Example of Typical Host-based Configuration. Diagram labels: RADIUS Server, Ethernet Switch, 802.1X Clients, network access controlled port, network access uncontrolled port.] In order to successfully make use of 802.
802.1X Settings Users can configure 802.1X authenticator settings. To view the following window, click Security > 802.1X > 802.1X Settings: Figure 5 - 25. 802.1X Settings window Use the From Port and To Port drop-down menus to configure the settings by port(s): This window allows setting of the following features: Parameter Description Authentication Mode Choose the 802.1X authentication mode, Disabled, Port Based, or MAC Based.
TxPeriod (1-65535) This sets the TxPeriod of time for the authenticator PAE state machine. This value determines the period of an EAP Request/Identity packet transmitted to the client. The default setting is 30 seconds. ReAuthPeriod A constant that defines a nonzero number of seconds between periodic reauthentication of the client. The default setting is 3600 seconds.
Initialize Port(s) Existing 802.1X port and host settings are displayed and can be configured using the two windows below. To initialize ports for the port side of 802.1X, the user must first enable 802.1X by port in the 802.1X Settings window. To view the following window, click Security > 802.1X > Initialize Port(s): Figure 5 - 27. Initialize Port(s) window for Port-based 802.1X This window allows initialization of a port or group of ports.
Reauthenticate Port(s) Users can display and configure reauthenticate ports for 802.1X port and host using the two windows below. To reauthenticate ports for the port side of 802.1X, the user must first enable 802.1X by port in the 802.1X Settings window. To view the following window, click Security > 802.1X > Reauthenticate Port(s): Figure 5 - 29. Reauthenticate Port(s) window for Port-based 802.
Authentic RADIUS Server The RADIUS feature of the Switch allows the user to facilitate centralized user administration as well as providing protection against a sniffing, active hacker. The Web manager offers three windows. To view the following window, click Security > 802.1X > Authentic RADIUS Server: Figure 5 - 31.
SSL Settings Secure Sockets Layer, or SSL, is a security feature that will provide a secure communication path between a host and client through the use of authentication, digital signatures and encryption.
To view the following window, click Security > SSL Settings: Figure 5 - 32. SSL Settings window To set up the SSL function on the Switch, configure the parameters in the SSL Settings section described below and click Apply. To set up the SSL ciphersuite function on the Switch, configure the parameters in the SSL Ciphersuite Settings section described below and click Apply.
Certificate File Name Enter the path and the filename of the certificate file to download. This file must have a .der extension. (Ex. c:/cert.der) Key File Name Enter the path and the filename of the key file to download. This file must have a .der extension (Ex. c:/pkey.der) Click Apply to implement changes made.
SSH Configuration Users can configure and view settings for the SSH server. To view the following window, click Security > SSH > SSH Configuration: Figure 5 - 33. SSH Configuration window To configure the SSH server on the Switch, modify the following parameters and click Apply: Parameter Description SSH Server Status Use the radio buttons to enable or disable SSH on the Switch. The default is Disabled.
SSH Authmode and Algorithm Settings Users can configure the desired types of SSH algorithms used for authentication encryption. There are three categories of algorithms listed and specific algorithms of each may be enabled or disabled by ticking their corresponding check boxes. All algorithms are enabled by default. To view the following window, click Security > SSH > SSH Authmode and Algorithm Settings: Figure 5 - 34.
Twofish128 Use the check box to enable or disable the twofish128 encryption algorithm. The default is enabled. Twofish192 Use the check box to enable or disable the twofish192 encryption algorithm. The default is enabled. Twofish256 Use the check box to enable or disable the twofish256 encryption algorithm. The default is enabled.
SSH User Authentication Mode Users can configure parameters for users attempting to access the Switch through SSH. To view the following window, click Security > SSH > SSH User Authentication Mode: Figure 5 - 35. SSH User Authentication Mode window In the window above, the User Account “ctsnow” has been previously set using the User Accounts window in the Configuration folder.
Access Authentication Control The TACACS / XTACACS / TACACS+ / RADIUS commands allow users to secure access to the Switch using the TACACS / XTACACS / TACACS+ / RADIUS protocols. When a user logs in to the Switch or tries to access the administrator level privilege, he or she is prompted for a password.
Authentication Policy and Parameter Settings Users can enable an administrator-defined authentication policy for users trying to access the Switch. When enabled, the device will check the Login Method List and choose a technique for user authentication upon login. To view the following window, click Security > Access Authentication Control > Authentication Policy and Parameter Settings: Figure 5 - 36.
The following parameters can be set: Parameter Description Application Lists the configuration applications on the Switch. The user may configure the Login Method List and Enable Method List for authentication for users utilizing the Console (Command Line Interface) application, the Telnet application, SSH, and the Web (HTTP) application.
Figure 5 - 39. Edit Server Group tab of the Authentication Server Group window To add an Authentication Server Host to the list, enter its name in the Group Name field, IP address in the IP Address field, use the drop-down menu to choose the Protocol associated with the IP address of the Authentication Server Host, and then click Add to add this Authentication Server Host to the group.
Authentication Server Host User-defined Authentication Server Hosts for the TACACS / XTACACS / TACACS+ / RADIUS security protocols can be set on the Switch. When a user attempts to access the Switch with Authentication Policy enabled, the Switch will send authentication packets to a remote TACACS / XTACACS / TACACS+ / RADIUS server host on a remote host.
Login Method Lists User-defined or default Login Method List of authentication techniques can be configured for users logging on to the Switch. The sequence of techniques implemented in this command will affect the authentication result. For example, if a user enters a sequence of techniques, for example TACACS - XTACACS - local, the Switch will send an authentication request to the first TACACS host in the server group.
Enable Method Lists Users can set up Method Lists to promote users with user level privileges to Administrator (Admin) level privileges using authentication methods on the Switch. Once a user acquires normal user level privileges on the Switch, he or she must be authenticated by a method on the Switch to gain administrator privileges on the Switch, which is defined by the Administrator.
Configure Local Enable Password Users can configure the locally enabled password for Enable Admin. When a user chooses the "local_enable" method to promote user level privileges to administrator privileges, he or she will be prompted to enter the password configured here that is locally set on the Switch. To view the following window, click Security > Access Authentication Control > Configure Local Enable Password: Figure 5 - 43.
MAC-based Access Control (MAC) MAC-based Access Control is a method to authenticate and authorize access using either a port or host. For port-based MAC, the method decides port access rights, while for host-based MAC, the method determines the MAC access rights. A MAC user must be authenticated before being granted access to a network. Both local authentication and remote RADIUS server authentication methods are supported.
The MAC Settings window is divided into four main sections. The top section configures the MAC Global State, the second section is used to specify and configure the method used for authentication, the third section is used to configure the Guest VLAN settings, and the fourth section is used to configure the ports that require MAC Settings configuration.
Configuring MAC Settings Configuration on Ports: Parameter Description From Port The beginning port of a range of ports to be configured for MAC-based Access Control. To Port The ending port of a range of ports to be configured for MAC-based Access Control. State Use this drop-down menu to enable or disable MAC-based Access Control on the port or range of ports selected in the Port Settings section of this window.
MAC Local Settings Users can set a list of MAC addresses, along with their corresponding target VLAN, which will be authenticated for the Switch. Once a queried MAC address is matched in this window, it will be placed in the VLAN associated with it here. The Switch administrator may enter up to 128 MAC addresses to be authenticated using the local method configured here.
Figure 5 - 47.
Conditions and Limitations 1. If the client is utilizing DHCP to attain an IP address, the authentication VLAN must provide a DHCP server or a DHCP relay function so that the client may obtain an IP address. 2. Certain functions exist on the Switch that will filter HTTP packets, such as the Access Profile function.
Default Redirpath Enter the URL of the website that authenticated users placed in the VLAN are directed to once authenticated. This path must be entered into this field before the Web-based Access Control can be enabled. Clear Default Redirpath Use the radio buttons to specify if the client will be directed to another URL if authenticating successfully.
To set the User Account settings for the Web authentication by the Switch, complete the following fields: Parameter Description Create WAC User User Name Enter the user name of up to 15 alphanumeric characters of the guest wishing to access the Web through this process. This field is for administrators who have selected Local as their Web-based authenticator. Password Enter the password the administrator has chosen for the selected user.
WAC Port Settings Users can view and set port configurations for Web authentication. To view the following window, click Security > Web-based Access Control (WAC) > WAC Port Settings: Figure 5 - 50. WAC Port Settings window To set the WAC on individual ports for the Switch, complete the following fields: Parameter Description From Port Use this drop-down menu to select the beginning port of a range of ports to be enabled as WAC ports.
Japanese Web-based Access Control (JWAC) The Japanese Web-based Access Control (JWAC) folder contains five windows: JWAC Global Settings, JWAC Port Settings, JWAC User Settings, JWAC Customize Page Language, and JWAC Customize Page. JWAC Global Settings Users can enable and configure Japanese Web-based Access Control on the Switch. Please note that JWAC and Web Authentication are mutually exclusive functions.
UDP Filtering This parameter enables or disables JWAC UDP Filtering. When UDP Filtering is Enabled, all UDP and ICMP packets except DHCP and DNS packets from unauthenticated hosts will be dropped. Forcible Logout This parameter enables or disables JWAC Forcible Logout.
JWAC Port Settings Users can configure JWAC port settings for the Switch. To view the following window, click Security > Japanese Web-based Access Control (JWAC) > JWAC Port Settings: Figure 5 - 52. JWAC Port Settings window To set the JWAC on individual ports for the Switch, complete the following fields: Parameter Description From Port Use this drop-down menu to select the beginning port of a range of ports to be enabled as JWAC ports.
JWAC User Settings Users can configure JWAC user settings for the Switch. To view the following window, click Security > Japanese Web-based Access Control (JWAC) > JWAC User Settings: Figure 5 - 53. JWAC User Settings window To set the User Account settings for the JWAC by the Switch, complete the following fields and then click the Add button.
JWAC Customize Page Users can configure JWAC page settings for the Switch. To view the following window, click Security > Japanese Web-based Access Control (JWAC) > JWAC Customize Page: Figure 5 - 55. JWAC Customize Page window Complete the JWAC authentication information on this window to set the JWAC page settings. Enter a name for the Authentication in the first field and then click the Apply button.
Any (MAC, 802.1X or WAC) Mode Figure 5 - 56. Any (MAC, 802.1X or WAC) Mode In the diagram above the Switch port has been configured to allow clients to authenticate using 802.1X, MBAC, or WAC. When a client tries to connect to the network, the Switch will try to authenticate the client using one of these methods and if the client passes they will be granted access to the network. Any (MAC, 802.1X or JWAC) Mode Figure 5 - 57.
802.1X & IMPB Mode Figure 5 - 58. 802.1X & IMPB Mode This mode adds an extra layer of security by checking the IP MAC-Binding Port Binding (IMPB) table before trying one of the supported authentication methods. The IMPB Table is used to create a ‘white list’ that checks if the IP streams being sent by authorized hosts have been granted or not.
This mode adds an extra layer of security by checking the IP MAC-Binding Port Binding (IMPB) table before trying one of the supported authentication methods. The IMPB Table is used to create a ‘white-list’ that checks if the IP streams being sent by authorized hosts have been granted or not. In the above diagram, the Switch port has been configured to allow clients to authenticate using either WAC or JWAC.
Methods The multiple authentication method options include: None, Any (MAC, 802.1X or WAC/JWAC), 802.1X+IMPB, IMPB+JWAC, and IMPB+WAC. None means all multiple authentication methods are disabled. Any (MAC, 802.1X or WAC/JWAC) means if any of the authentication methods pass, then access will be granted. In this mode, MBAC, 802.1X and WAC/JWAC can be enabled on a port at the same time. In Any (MAC, 802.
IGMP Access Control Settings (IGMP Authentication) Users can set IGMP authentication, otherwise known as IGMP access control, on individual ports on the Switch. When the Authentication State is Enabled, and the Switch receives an IGMP join request, the Switch will send the access request to the RADIUS server to do the authentication.
ARP Spoofing Prevention Settings Users can try to prevent ARP spoofing by hackers and other unauthorized parties trying to access the Switch by using the following security feature. To view the following window, click Security > ARP Spoofing Prevention Settings: Figure 5 - 64. ARP Spoofing Prevention Settings window Enter a Gateway IP address, Gateway MAC address, and a Port List and then click the Apply button.
Section 6 ACL ACL Configuration Wizard Access Profile List CPU Access Profile List Time Range Settings ACL Configuration Wizard In order to make access profile and rule creation significantly easier to use, an ACL wizard has been introduced in the current firmware release. Of course, advanced users can still manually configure access profiles and rules in the Access Profile List in the next section.
Access Profile List Access profiles allow you to establish criteria to determine whether the Switch will forward packets based on the information contained in each packet's header. The Switch supports four Profile Types, Ethernet ACL, IPv4 ACL, IPv6 ACL, and Packet Content ACL. Creating an access profile is divided into two basic parts.
The window shown below is the Add ACL Profile window for Ethernet: Figure 6 - 3. Add ACL Profile window for Ethernet ACL The following parameters can be set for the Ethernet ACL type: Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 200.
802.1p Selecting this option instructs the Switch to examine the 802.1p priority value of each packet header and use this as the criterion, or part of the criterion, for forwarding. Ethernet Type Selecting this option instructs the Switch to examine the Ethernet type value in each frame's header. Click Create to create the new ACL Profile.
The following parameters can be set for the IPv4 ACL type: Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 200. Select ACL Type Select profile based on Ethernet (MAC Address), IPv4 address, IPv6 address, or packet content. This will change the window according to the requirements for the type of profile.
dst port mask - Specify a UDP port mask for the destination port in hex form (hex 0x0-0xffff). Protocol ID - Enter a value defining the protocol ID in the packet header to mask. Specify the protocol ID mask in hex form (hex 0x0-0xff). Click Apply to implement changes made.
Select ACL Type Select profile based on Ethernet (MAC Address), IPv4 address, IPv6 address, or packet content. This will change the window according to the requirements for the type of profile. Select Ethernet ACL to instruct the Switch to examine the layer 2 part of each packet header. Select IPv4 ACL to instruct the Switch to examine the IPv4 address in each frame's header.
Figure 6 - 9. Add ACL Profile window for Packet Content The following parameters can be set for the Packet Content type: Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 200. Select ACL Type Select profile based on Ethernet (MAC Address), IPv4 address, IPv6 address, or packet content.
chunk0: B126, B127, B0, B1
chunk1: B2, B3, B4, B5
chunk2: B6, B7, B8, B9
……
chunk29: B114, B115, B116, B117
chunk30: B118, B119, B120, B121
chunk31: B122, B123, B124, B125
Example:
offset_chunk_1 0 0xffffffff will match packet byte offset 126, 127, 0, 1
offset_chunk_1 0 0x0000ffff will match packet byte offset 0, 1
Note: Only one packet content mask profile can be created at a time.
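The chunk layout and the two offset_chunk_1 examples above can be modelled to work out which chunk and mask cover a given header field when writing a packet content rule. The following is an added example, not D-Link code: the function names are hypothetical, and it assumes that byte offsets count from the first byte of the frame, that the mask reads most significant byte first across the chunk's four bytes (which is how the page's two examples behave), and that a frame too short to hold a masked byte does not match.

```python
WINDOW = 128      # bytes B0..B127 are covered by chunk0..chunk31
CHUNKS = 32
CHUNK_SIZE = 4


def chunk_bytes(chunk):
    """Packet byte offsets inspected by a chunk, in mask order (MSB first)."""
    if not 0 <= chunk < CHUNKS:
        raise ValueError("chunk index must be 0..31")
    # chunk0 starts two bytes before B0 and wraps: B126, B127, B0, B1
    start = (chunk * CHUNK_SIZE - 2) % WINDOW
    return [(start + i) % WINDOW for i in range(CHUNK_SIZE)]


def masked_offsets(chunk, mask):
    """Map each byte offset the (chunk, mask) pair examines to its byte mask."""
    if not 0 <= mask <= 0xFFFFFFFF:
        raise ValueError("mask must fit in 32 bits")
    selected = {}
    for i, offset in enumerate(chunk_bytes(chunk)):
        byte_mask = (mask >> (8 * (CHUNK_SIZE - 1 - i))) & 0xFF
        if byte_mask:
            selected[offset] = byte_mask
    return selected


def locate(offset):
    """Inverse lookup: (chunk, mask) that covers exactly one packet byte."""
    if not 0 <= offset < WINDOW:
        raise ValueError("only B0..B127 can be inspected")
    chunk, pos = divmod((offset + 2) % WINDOW, CHUNK_SIZE)
    return chunk, 0xFF << (8 * (CHUNK_SIZE - 1 - pos))


def cover(offsets):
    """Combine several byte offsets into the chunk -> mask pairs they need."""
    plan = {}
    for offset in offsets:
        chunk, mask = locate(offset)
        plan[chunk] = plan.get(chunk, 0) | mask
    return plan


def rule_matches(frame, chunk, mask, value):
    """Masked compare of one chunk against a frame (model, see assumptions)."""
    for i, offset in enumerate(chunk_bytes(chunk)):
        shift = 8 * (CHUNK_SIZE - 1 - i)
        byte_mask = (mask >> shift) & 0xFF
        if not byte_mask:
            continue                      # byte not selected by the mask
        if offset >= len(frame):
            return False                  # assumption: short frame, no match
        if (frame[offset] & byte_mask) != ((value >> shift) & byte_mask):
            return False
    return True


def demo():
    # Constructed sample frame: broadcast destination, made-up source MAC,
    # Ethernet type 0x0806 at bytes 12-13, zero padding up to 60 bytes.
    frame = bytes.fromhex("ffffffffffff" "001122334455" "0806").ljust(60, b"\x00")
    plan = cover([12, 13])                # Ethernet type of an untagged frame
    (chunk, mask), = plan.items()
    return {
        "plan": plan,
        "arp": rule_matches(frame, chunk, mask, 0x0806),
        "ipv4": rule_matches(frame, chunk, mask, 0x0800),
        "tail": rule_matches(frame, 0, 0xFFFF0000, 0),   # needs B126, B127
    }


if __name__ == "__main__":
    print(sorted(masked_offsets(0, 0x0000FFFF)))   # the page's second example
    print(demo())
```

A field that straddles a chunk boundary needs two chunk entries; for instance `cover([0, 1, 2])` returns one mask for chunk0 and one for chunk1.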
Figure 6 - 12. Add Access Rule window for Ethernet To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameter Description Access ID (1-200) Type in a unique identifier number for this access. This value can be set from 1 to 200. Auto Assign – Ticking this check box will instruct the Switch to automatically assign an Access ID for the rule being created.
RX Rate (1-15625) Use this to limit RX bandwidth for the profile being configured. This rate is implemented using the following equation: 1 value = 64kbit/sec. (ex. If the user selects an RX rate of 10 then the ingress rate is 640kbit/sec.) The user may select a value between 1 and 15625 or tick the No Limit check box. The default setting is No Limit.
Figure 6 - 15. Add Access Rule window for IPv4 To set the Access Rule for IP, adjust the following parameters and click Apply. Parameter Description Access ID (1-200) Type in a unique identifier number for this access. This value can be set from 1 to 200. Auto Assign – Ticking this check box will instruct the Switch to automatically assign an Access ID for the rule being created.
DSCP This field allows the user to enter a DSCP value in the space provided, which will instruct the Switch to examine the DiffServ Code part of each packet header and use this as the criterion, or part of the criterion, for forwarding. The user may choose a value between 0 and 63. RX Rate (1-15625) Use this to limit RX bandwidth for the profile being configured. This rate is implemented using the following equation: 1 value = 64kbit/sec. (ex.
Figure 6 - 18. Add Access Rule window for IPv6 To set the Access Rule for IPv6, adjust the following parameters and click Apply. Parameter Description Access ID (1-200) Type in a unique identifier number for this access. This value can be set from 1 to 200. Auto Assign – Ticking this check box will instruct the Switch to automatically assign an Access ID for the rule being created.
RX Rate (1-15625) Use this to limit RX bandwidth for the profile being configured. This rate is implemented using the following equation: 1 value = 64kbit/sec. (ex. If the user selects an RX rate of 10 then the ingress rate is 640kbit/sec.) The user may select a value between 1 and 15625 or tick the No Limit check box. The default setting is No Limit.
Figure 6 - 21. Add Access Rule window for Packet Content To set the Access Rule for Packet Content, adjust the following parameters and click Apply. Parameter Description Access ID (1-200) Type in a unique identifier number for this access. This value can be set from 1 to 200. Auto Assign – Ticking this check box will instruct the Switch to automatically assign an Access ID for the rule being created.
RX Rate (1-15625) Use this to limit RX bandwidth for the profile being configured. This rate is implemented using the following equation: 1 value = 64kbit/sec. (ex. If the user selects an RX rate of 10 then the ingress rate is 640kbit/sec.) The user may select a value between 1 and 15625 or tick the No Limit check box. The default setting is No Limit.
CPU Access Profile List Due to a chipset limitation and needed extra switch security, the Switch incorporates CPU Interface filtering. This added feature increases the running security of the Switch by enabling the user to create a list of access rules for packets destined for the Switch’s CPU interface.
The window shown below is the Add CPU ACL Profile window for Ethernet. Figure 6 - 24. Add CPU ACL Profile window for Ethernet Parameter Description Select Profile ID (1-5) Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 5. Select ACL Type Select profile based on Ethernet (MAC Address), IPv4 address, IPv6 address, or packet content mask.
To view the settings of a previously correctly created profile, click the corresponding Show Details button on the CPU Access Profile List window to view the following window: Figure 6 - 25. CPU Access Profile Detail Information window for Ethernet The window shown below is the Add CPU ACL Profile window for IP (IPv4). Figure 6 - 26.
802.1Q VLAN Selecting this option instructs the Switch to examine the VLAN part of each packet header and use this as the criterion, or part of the criterion, for forwarding. IPv4 DSCP Selecting this option instructs the Switch to examine the DiffServ Code part of each packet header and use this as the criterion, or part of the criterion, for forwarding. Source IP Mask Enter an IP address mask for the source IP address.
Figure 6 - 28.
The following parameters may be configured for the IPv6 filter. Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 5. Select ACL Type Select profile based on Ethernet (MAC Address), IPv4 address, IPv6 address, or packet content mask. This will change the menu according to the requirements for the type of profile.
Figure 6 - 30. Add CPU ACL Profile window for Packet Content The following parameters may be configured for the Packet Content filter. Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 5. Select ACL Type Select profile based on Ethernet (MAC Address), IPv4 address, IPv6 address, or packet content mask.
To view the settings of a previously correctly created profile, click the corresponding Show Details button on the CPU Access Profile List window to view the following window: Figure 6 - 31.
To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameter Description Access ID (1-100) Type in a unique identifier number for this access. This value can be set from 1 to 100. Action Select Permit to specify that the packets that match the access rule are forwarded by the Switch, according to any additional rule added (see below).
Figure 6 - 36. Add Access Rule window for IPv4 To set the Access Rule for IP, adjust the following parameters and click Apply. Parameter Description Access ID (1-100) Type in a unique identifier number for this access. This value can be set from 1 to 100. Action Select Permit to specify that the packets that match the access rule are forwarded by the Switch, according to any additional rule added (see below).
To establish the rule for a previously created CPU Access Profile: To configure the Access Rules for IP, open the CPU Access Profile List window and click Add/View Rules for an IPv6 entry. This will open the following window. Figure 6 - 38. CPU Access Rule List window for IPv6 To remove a previously created rule, click the corresponding Delete Rules button. To add a new Access Rule, click the Add Rule button: Figure 6 - 39.
Ports Ticking the All Ports check box will denote all ports on the Switch. To view the settings of a previously correctly configured rule, click the corresponding Show Details button on the CPU Access Rule List window to view the following window: Figure 6 - 40.
To set the Access Rule for Packet Content, adjust the following parameters and click Apply. Parameter Description Access ID (1-100) Type in a unique identifier number for this access. This value can be set from 1 to 100. Action Select Permit to specify that the packets that match the access rule are forwarded by the Switch, according to any additional rule added (see below).
The user may adjust the following parameters to configure a time range on the Switch: Parameter Description Range Name Enter a name of no more than 32 alphanumeric characters that will be used to identify this time range on the Switch. This range name will be used in the Access Profile table to identify the access profile and associated rule to be enabled during this time range.
Section 7 Monitoring Device Environment (DGS-3200-16 and DGS-3200-24 only) Cable Diagnostics CPU Utilization Port Utilization Packet Size Packets Errors Port Access Control Browse ARP Table Browse VLAN Browse Router Port Browse MLD Router Port Browse Session Table IGMP Snooping Group MLD Snooping Group WAC Authenticating State JWAC Host Table MAC Address Table System Log MAC Authentication State Device Environment The device environment feat
Cable Diagnostics
The cable diagnostics feature is designed primarily for administrators or customer service representatives to verify and test copper cables; it can rapidly determine the quality of the cables and the types of error. To view the following window, click Monitoring > Cable Diagnostics:
Figure 7 - 3.
CPU Utilization
Users can display the percentage of the CPU being used, expressed as an integer percentage and calculated as a simple average by time interval. To view the following window, click Monitoring > CPU Utilization:
Figure 7 - 4. CPU Utilization window
To view the CPU utilization by port, use the real-time graphic of the Switch and/or switch stack at the top of the web page by simply clicking on a port.
Port Utilization
Users can display the percentage of the total available bandwidth being used on the port. To view the following window, click Monitoring > Port Utilization:
Figure 7 - 5. Port Utilization window
To select a port to view these statistics for, select the port by using the Port drop-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
Packet Size
Users can display packets received by the Switch, arranged in six groups and classed by size, as either a line graph or a table. Two windows are offered. To select a port to view these statistics for, select the port by using the Port drop-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
The following fields can be set or viewed:
Parameter | Description
Port | Use the drop-down menu to choose the port that will display statistics.
Time Interval | Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Record Number | Select number of times the Switch will be polled between 20 and 200. The default value is 200.
Packets
The Web manager allows various packet statistics to be viewed as either a line graph or a table. Six windows are offered.
Received (RX)
To select a port to view these statistics for, select the port by using the Port drop-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port. To view the following windows, click Monitoring > Packets > Received (RX):
Figure 7 - 8.
The following fields may be set or viewed:
Parameter | Description
Port | Use the drop-down menu to choose the port that will display statistics.
Time Interval | Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Record Number | Select number of times the Switch will be polled between 20 and 200. The default value is 200.
Bytes | Counts the number of bytes received on the port.
UMB_Cast (RX)
To select a port to view these statistics for, select the port by using the Port drop-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port. To view the following windows, click Monitoring > Packets > UMB_Cast (RX):
Figure 7 - 10.
The following fields may be set or viewed:
Parameter | Description
Port | Use the drop-down menu to choose the port that will display statistics.
Time Interval | Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Record Number | Select number of times the Switch will be polled between 20 and 200. The default value is 200.
To view the Transmitted (TX) Table window, click the link View Table.
Figure 7 - 13. Transmitted (TX) Table window (for Bytes and Packets)
The following fields may be set or viewed:
Parameter | Description
Port | Use the drop-down menu to choose the port that will display statistics.
Time Interval | Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Errors
The Web manager allows port error statistics compiled by the Switch's management agent to be viewed as either a line graph or a table. Four windows are offered.
Received (RX)
To select a port to view these statistics for, select the port by using the Port drop-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
The following fields can be set:
Parameter | Description
Port | Use the drop-down menu to choose the port that will display statistics.
Time Interval | Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Record Number | Select number of times the Switch will be polled between 20 and 200. The default value is 200.
Transmitted (TX)
To select a port to view these statistics for, select the port by using the Port drop-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port. To view the following windows, click Monitoring > Errors > Transmitted (TX):
Figure 7 - 16.
The following fields may be set or viewed:
Parameter | Description
Port | Use the drop-down menu to choose the port that will display statistics.
Time Interval | Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
Record Number | Select number of times the Switch will be polled between 20 and 200. The default value is 200.
Port Access Control
The following windows are used to monitor 802.1X statistics of the Switch, on a per port basis. To view the Port Access Control windows, open the Monitoring folder and click Port Access Control. There are seven monitoring windows in this section.
AccessChallenges | The number of RADIUS Access-Challenge packets (valid or invalid) received from this server.
AccessResponses | The number of malformed RADIUS Access-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators or Signature attributes or known types are not included as malformed access responses.
ServerPortNumber | The UDP port the client is using to send requests to this server.
RoundTripTime | The time interval between the most recent Accounting-Response and the Accounting-Request that matched it from this RADIUS accounting server.
Requests | The number of RADIUS Accounting-Request packets sent. This does not include retransmissions.
Authenticator State
The following section describes the 802.1x Status on the Switch. Users can view the Authenticator State. To view the following windows, click Monitoring > Port Access Control > Authenticator State:
Figure 7 - 20. RADIUS Authenticator State window (MAC-based 802.
Figure 7 - 21. Authenticator State window (Port-based 802.1X Authentication Mode)
This window displays the Authenticator State for individual ports on a selected device. A polling interval between 1 and 60 seconds can be set using the drop-down menu at the top of the window and clicking OK.
Authenticator Statistics
Users can display statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the following window, click Monitoring > Port Access Control > Authenticator Statistics:
Figure 7 - 22. Authenticator Statistics window (MAC-based 802.
Figure 7 - 23. Authenticator Statistics window (Port-based 802.1X Authentication Mode)
The user may also select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds. The default value is one second.
The following fields can be viewed:
Parameter | Description
Port/Index | The identification number assigned to the Port by the System in which the Port resides. In MAC-based 802.
Last Source | The source MAC address carried in the most recently received EAPOL frame.
Authenticator Session Statistics
Users can display session statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the following window, click Monitoring > Port Access Control > Authenticator Session Statistics:
Figure 7 - 24. Authenticator Session Statistics window (MAC-based 802.
Figure 7 - 25. Authenticator Session Statistics window (Port-based 802.1X Authentication Mode)
The user may select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds. The default value is one second.
The following fields can be viewed:
Parameter | Description
Port/Index | The identification number assigned to the Port by the System in which the Port resides. In MAC-based 802.
Time | The duration of the session in seconds.
Terminate Cause | The reason for the session termination. There are eight possible reasons for termination.
Authenticator Diagnostics
Users can display diagnostic information regarding the operation of the Authenticator associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view the following window, click Monitoring > Port Access Control > Authenticator Diagnostics:
Figure 7 - 26. Authenticator Diagnostics window (MAC-based 802.
Figure 7 - 27. Authenticator Diagnostics window (Port-based 802.1X Authentication Mode)
The user may select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds. The default value is one second.
The following fields can be viewed:
Parameter | Description
Port / Index | In Port-based 802.
Auth Timeout | Counts the number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of the Backend Authentication state machine indicating authentication timeout (authTimeout = TRUE).
Auth Fail | Counts the number of times that the state machine transitions from AUTHENTICATING to HELD, as a result of the Backend Authentication state machine indicating authentication failure (authFail = TRUE).
Browse ARP Table
Users can display current ARP entries on the Switch. To search a specific ARP entry, enter an Interface Name or an IP Address at the top of the window and click Find. Click the Show Static button to display static ARP table entries. To clear the ARP Table, click Clear All. To view the following window, click Monitoring > Browse ARP Table:
Figure 7 - 28.
Browse Router Port
Users can display which of the Switch’s ports are currently configured as router ports. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port, designated by S. A router port that is dynamically configured by the Switch is designated by D, while a Forbidden port is designated by F.
Browse Session Table
Users can display the management sessions since the Switch was last rebooted. To view the following window, click Monitoring > Browse Session Table:
Figure 7 - 32. Browse Session Table window
IGMP Snooping Group
Users can view the Switch’s IGMP Snooping Group Table. IGMP Snooping allows the Switch to read the Multicast Group IP address and the corresponding MAC address from IGMP packets that pass through the Switch.
MLD Snooping Group
Users can view MLD Snooping Groups present on the Switch. MLD Snooping is an IPv6 function comparable to IGMP Snooping for IPv4. To view the following window, click Monitoring > MLD Snooping Group:
Figure 7 - 34. MLD Snooping Group window
The user may browse this table by either VLAN Name or VID List present in the Switch by entering that VLAN Name/VID List in the empty field shown below, and clicking the Find button.
WAC Authenticating State
Users can display the current WAC authentication state and delete WAC authentication state settings. To view the following window, click Monitoring > WAC Authenticating State:
Figure 7 - 35.
JWAC Host Table
Users can display Japanese Web-based Access Control Host Table information. To view the following window, click Monitoring > JWAC Host Table:
Figure 7 - 36. JWAC Host Table window
The following fields and settings can be viewed:
Parameter | Description
Port List | Enter a port or range of ports.
Find | Click this button to initiate the search function.
MAC Address Table
This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table. These entries are then used to forward packets through the Switch. To view the following window, click Monitoring > MAC Address Table:
Figure 7 - 37.
System Log
Users can view the history log as compiled by the Switch's management agent. To view the following window, click Monitoring > System Log:
Figure 7 - 38. System Log window
The Switch can record event information in its own logs, to designated SNMP trap receiving stations, and to the PC connected to the console manager. Clicking Clear Log will allow the user to delete all the present entries in the Switch History Log.
MAC Authentication State
Users can use the MAC Authentication State window to display the MAC-based Access Control authentication MAC addresses. To view the following window, click Monitoring > MAC Authentication State:
Figure 7 - 39.
Section 8
Save and Tools
Save Configuration
Save Log
Save All
Download Configuration File/Download Configuration File to NV-RAM (DGS-3200-24 only)
Download Configuration File to SD Card (DGS-3200-24 only)
Download Firmware/Download Firmware to NV-RAM (DGS-3200-24 only)
Download Firmware to SD Card (DGS-3200-24 only)
Upload Configuration File/Upload Configuration File to TFTP
Upload Log File/Upload Log File to TFTP
Reset
Reboot System
The thre
Save Configuration
Open the Save drop-down menu on the left-hand side of the menu bar at the top of the Web manager and click Save Configuration to open the following window:
Figure 8 - 1. Save Configuration window (DGS-3200-10 and DGS-3200-16)
Use the drop-down menu to choose a configuration file indexed as ID 1 or 2 and then click Apply.
Figure 8 - 2.
Save All
Open the Save drop-down menu on the left-hand side of the menu bar at the top of the Web manager and click Save All to immediately save the current configuration file and current log. The following window will open:
Figure 8 - 5. Save All window
Download Configuration File/Download Configuration File to NV-RAM
The Switch can store dual configuration files. The configuration files are indexed as Active, 1, or 2.
Download Configuration File to SD Card
Figure 8 - 8. Download Configuration File to SD Card window (DGS-3200-24)
Use the radio button to select either IPv4 or IPv6. Enter the TFTP Server IP address for the type of IP selected. Specify the path/file name of the TFTP File. Specify the SD Card File name. Click Download to initiate the file transfer.
Download Firmware to SD Card
Figure 8 - 11. Download Firmware to SD Card window (DGS-3200-24)
Use the radio button to select either IPv4 or IPv6. Enter the TFTP Server IP address for the type of IP selected. Specify the path/file name of the TFTP File. Specify the SD Card File name. Click Download to initiate the file transfer.
Upload Log File/Upload Log File to TFTP
A history and attack log can be uploaded from the Switch to a TFTP server. Open the Tools drop-down menu on the left-hand side of the menu bar at the top of the Web manager and click Upload Log File to open the following window:
Figure 8 - 14. Upload Log File window (DGS-3200-10 and DGS-3200-16)
Figure 8 - 15.
Reboot System
The following window is used to restart the Switch. Open the Tools drop-down menu on the left-hand side of the menu bar at the top of the Web manager and click Reboot System to open the following window:
Figure 8 - 17. Reboot System window
Clicking the Yes radio button will instruct the Switch to save the current configuration to non-volatile RAM before restarting the Switch.
Appendix A – Mitigating ARP Spoofing Attacks Using Packet Content ACL
How Address Resolution Protocol works
Address Resolution Protocol (ARP) is the standard method for finding a host’s hardware address (MAC address) when only its IP address is known. However, this protocol is vulnerable because hackers can spoof the IP and MAC information in the ARP packets to attack a LAN (known as ARP spoofing).
Figure 2
When the switch floods the frame of ARP request to the network, all PCs will receive and examine the frame but only PC B will reply to the query as the destination IP matched (see Figure 3).
Figure 3
When PC B replies to the ARP request, its MAC address will be written into “Target H/W Address” in the ARP payload shown in Table 3. The ARP reply will be then encapsulated into an Ethernet frame again and sent back to the sender.
The switch will also examine the “Source Address” of the Ethernet frame and find that the address is not in the Forwarding Table. The switch will learn PC B’s MAC and update its Forwarding Table.
How ARP Spoofing Attacks a Network
ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service – DoS attack). The principle of ARP spoofing is to send the fake or spoofed ARP messages to an Ethernet network.
Figure 5
Prevent ARP Spoofing via Packet Content ACL
D-Link managed switches can effectively mitigate common DoS attacks caused by ARP spoofing via a unique Packet Content ACL. Because a basic ACL can only filter ARP packets based on packet type, VLAN ID, Source, and Destination MAC information, there is a need for further inspections of ARP packets.
Configuration
The configuration logic is as follows:
1. Only ARP packets that match the Source MAC address in Ethernet, and the Sender MAC address and Sender IP address in the ARP protocol, can pass through the switch. (In this example, it is the gateway’s ARP.)
2. The switch will deny all other ARP packets which claim they are from the gateway’s IP.
The design of Packet Content ACL on the Switch enables users to inspect any offset chunk.
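The two-rule logic above, modelled in Python as an added example (it is not D-Link's code or switch configuration): the fields the rules inspect are read at fixed byte offsets from the frame, and the rules are applied in order. The addresses, function names and the "no-match" verdict for frames neither rule covers are assumptions made for this illustration.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806
ETHERTYPE_VLAN = 0x8100  # an 802.1Q tag shifts every later offset by 4 bytes

# Constructed sample addresses (assumptions, not taken from the manual).
GATEWAY_IP = IPv4Address("192.0.2.254")
GATEWAY_MAC = bytes.fromhex("020000000001")
ATTACKER_MAC = bytes.fromhex("0200000000bd")
HOST_MAC = bytes.fromhex("0200000000a1")
HOST_IP = IPv4Address("192.0.2.10")


def build_arp_frame(eth_src, sender_mac, sender_ip, target_ip, oper=2, vlan_id=None):
    """Build a constructed Ethernet + ARP frame to feed the rule model."""
    header = b"\xff" * 6 + eth_src  # broadcast destination, then source MAC
    if vlan_id is not None:
        header += struct.pack("!HH", ETHERTYPE_VLAN, vlan_id & 0x0FFF)
    header += struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, operation
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    arp += sender_mac + sender_ip.packed + b"\x00" * 6 + target_ip.packed
    return header + arp


def parse_arp(frame):
    """Return the fields the rules inspect, or None if not a complete ARP frame."""
    if len(frame) < 14:
        return None
    eth_src = frame[6:12]
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    arp_off = 14
    if ethertype == ETHERTYPE_VLAN:
        if len(frame) < 18:
            return None
        (ethertype,) = struct.unpack_from("!H", frame, 16)
        arp_off = 18
    if ethertype != ETHERTYPE_ARP or len(frame) < arp_off + 28:
        return None
    return {
        "eth_src": eth_src,
        "sender_mac": frame[arp_off + 8:arp_off + 14],
        "sender_ip": IPv4Address(frame[arp_off + 14:arp_off + 18]),
    }


def acl_decision(frame):
    """Apply rule 1 (permit the gateway's own ARP), then rule 2 (deny other claims)."""
    fields = parse_arp(frame)
    if fields is None:
        return "no-match"  # not ARP, or too short to hold the sender fields
    if (fields["eth_src"] == GATEWAY_MAC
            and fields["sender_mac"] == GATEWAY_MAC
            and fields["sender_ip"] == GATEWAY_IP):
        return "permit"
    if fields["sender_ip"] == GATEWAY_IP:
        return "deny"
    return "no-match"  # ARP that makes no claim about the gateway's IP


def sample_results():
    """Run the rules over constructed frames and return the verdict for each."""
    samples = {
        "gateway reply": build_arp_frame(GATEWAY_MAC, GATEWAY_MAC, GATEWAY_IP, HOST_IP),
        "spoofed gateway IP": build_arp_frame(ATTACKER_MAC, ATTACKER_MAC, GATEWAY_IP, HOST_IP),
        "forged sender MAC": build_arp_frame(ATTACKER_MAC, GATEWAY_MAC, GATEWAY_IP, HOST_IP),
        "tagged spoof": build_arp_frame(ATTACKER_MAC, ATTACKER_MAC, GATEWAY_IP, HOST_IP,
                                        vlan_id=10),
        "ordinary host request": build_arp_frame(HOST_MAC, HOST_MAC, HOST_IP, GATEWAY_IP,
                                                 oper=1),
    }
    return {name: acl_decision(frame) for name, frame in samples.items()}


if __name__ == "__main__":
    for name, verdict in sample_results().items():
        print(f"{name:24s} {verdict}")
```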
Appendix B – Switch Log Entries
The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch.
Configuration successfully downloaded | Configuration successfully downloaded by console (Username: , IP: , MAC: )
Configuration download was unsuccessful | Configuration download by console was unsuccessful! (Username: , IP: , MAC: )
Configuration successfully uploaded | Configuration successfully uploaded by console (Username: , IP: , MAC: ) | Informational
"by co
Login failed through Web | Login failed through Web (Username: , IP: , MAC: ) | Warning
Logout through Web | Logout through Web (Username: , IP: , MAC: ) | Informational
Successful login through Web (SSL) | Successful login through Web (SSL) (Username: , IP: , MAC: ) | Informational
Login failed through Web (SSL) | Login failed through Web (SSL) (Username: , I
, MAC: )
AAA
Login failed through SSH | Login failed through SSH (Username: , IP: , MAC: ) | Warning
Logout through SSH | Logout through SSH (Username: , IP: , MAC: ) | Informational
SSH session timed out | SSH session timed out (Username: , IP: , MAC: ) | Informational
SSH server is enabled | SSH server is enabled | Informational
SSH server is disab
Login failed through Telnet authenticated by AAA local method | Login failed through Telnet from authenticated by AAA local method (Username: , MAC: ) | Warning
Successful login through SSH authenticated by AAA local method | Successful login through SSH from authenticated by AAA local method (Username: , MAC: ) | Informational
Login failed through SSH authenticated by AAA local method | Login
Successful login through Web authenticated by AAA server | Successful login through Web from authenticated by AAA server (Username: , MAC: ) | Informational
Login failed through Web authenticated by AAA server | Login failed through Web from authenticated by AAA server (Username: , MAC: ) | Warning
Login failed through Web due to AAA server timeout or improper configurat
Enable Admin failed through Console authenticated by AAA local_enable method | Enable Admin failed through Console authenticated by AAA local_enable method (Username: ) | Warning
Successful Enable Admin through Web authenticated by AAA local_enable method | Successful Enable Admin through Web from authenticated by AAA local_enable method (Username: , MAC: ) | Informational
Enable Admin failed through Web auth
Successful Enable Admin through SSH authenticated by AAA none method | Successful Enable Admin through SSH from authenticated by AAA none method (Username: , MAC: ) | Informational
Successful Enable Admin through Console authenticated by AAA server | Successful Enable Admin through Console authenticated by AAA server (Username: ) | Informational
Enable Admin failed through Console authenticated by
IP-MACPORT Binding
Successful Enable Admin through Telnet authenticated by AAA server | Successful Enable Admin through Telnet from authenticated by AAA server (Username: , MAC: ) | Informational
Enable Admin failed through Telnet authenticated by AAA server | Enable Admin failed through Telnet from authenticated by AAA server (Username: , MAC: ) | Warning
Enable Admi
Dynamic IMPB entry is conflict with static FDB | Dynamic IMPB entry is conflict with static FDB (IP:, MAC:, Port)
Dynamic IMPB entry is conflict with static ARP | Dynamic IMPB entry is conflict with static ARP (IP:, MAC:, Port)
Dynamic IMPB entry is conflict with static IMPB | Dynamic IMPB entry is conflict with static IMPB (IP:, MAC:, Port)
IP and Pas
Port is currently shut down due to a packet storm | Port shut down due to a packet storm
Login OK | JWAC login successful (Username:%s,IP:%s,MAC:%s ,Port:%s) | Informational
Login Fail | JWAC login rejected (Username:%s,IP:%s,MAC:%s ,Port:%s) | Warning
Logout normal | JWAC host logout normally (Username:%s,IP:%s,MAC:%s ,Port:%s) | Informational
Logout forcibly | JWAC host logout forcibly (Username:%s,IP:%s,MAC:%s ,Port:%s) | Warning
A
Egress bandwidth assigned from RADIUS server after RADIUS client authenticated by RADIUS server successfully. This egress bandwidth will assign to the port. DHCP Radius server assigned egress bandwidth : to port <[unitID:]portNum> (account: ) 802.1p default priority assigned from RADIUS server after RADIUS client authenticated by RADIUS server successfully. This 802.
Appendix C – Trap Logs
This table lists the trap logs found on the DGS-3200 Series Switches.
MACNotificationTrap | This trap indicates the MAC address variations in the address table. | 1.3.6.1.4.1.171.11.101.1.2.100.1.2.0.1
PortSecurityViolationTrap | When the port security trap is enabled, new MAC addresses that violate the pre-defined port security configuration will trigger trap messages to be sent out. | 1.3.6.1.4.1.171.11.101.1.2.100.1.2.0.2
FilterDetectedTrap | This trap is sent when an illegal DHCP server is detected. The same illegal DHCP server IP address detected is just sent once to the trap receivers within the log ceasing unauthorized duration. | 1.3.6.1.4.1.171.12.37.100.0.1
SingleIPMSColdStart | The commander switch will send swSingleIPMSColdStart notification to the indicated | 1.3.6.1.4.1.171.12.8.6.0.11
SingleIPMSWarmStart The commander switch will send 1.3.6.1.4.1.171.
linkDown | A linkDown trap signifies that the sending protocol entity recognizes a failure in one of the communication links represented in the agent's configuration. | 1.3.6.1.6.3.1.1.5.3
linkUp | A linkUp trap signifies that the sending protocol entity recognizes that one of the communication links represented in the agent's configuration has come up. | 1.3.6.1.6.3.1.1.5.4
authenticationFailure An authenticationFailure trap 1.3.6.1.6.3.1.1.5.
Appendix D – Password Recovery Procedure
This document describes the procedure for resetting passwords on D-Link Switches. Authenticating any user who tries to access networks is necessary and important. The basic authentication method used to accept qualified users is through a local login, utilizing a Username and Password. Sometimes, passwords get forgotten or destroyed, so network administrators need to reset these passwords.
Appendix E – Glossary
1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 2 kilometers.
1000BASE-LX: A long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers.
100BASE-FX: 100Mbps Ethernet implementation over fiber.
100BASE-TX: 100Mbps Ethernet implementation over Category 5 and Type 1 Twisted Pair cabling.
10BASE-T: The IEEE 802.
latency: The delay between the time a device receives a packet and the time the packet is forwarded out of the destination port.
line speed: See baud rate.
main port: The port in a resilient link that carries data traffic in normal operating conditions.
MDI - Medium Dependent Interface: An Ethernet port connection where the transmitter of one device is connected to the receiver of another device.
Warranty
Subject to the terms and conditions set forth herein, D-Link Systems, Inc. (“D-Link”) provides this lifetime product warranty for hardware: Only for products purchased, delivered and used within the fifty states of the United States, the District of Columbia, U.S. Possessions or Protectorates, U.S. Military Installations, or addresses with an APO or FPO, and; Only with proof of purchase.
What Is Not Covered: The Warranty provided herein by D-Link does not cover: Products that, in D-Link’s judgment, have been subjected to abuse, accident, alteration, modification, tampering, negligence, misuse, faulty installation, lack of reasonable care, repair or service in any way that is not contemplated in the documentation for the product, or if the model or serial number has been altered, tampered with, defaced or removed; Initial instal
Product Registration
Register your D-Link product online at http://support.dlink.com/register/ Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights.
LIMITED WARRANTY (Exclude USA, Europe, China and Taiwan)
D-Link provides this limited warranty for its product only to the person or entity who originally purchased the product from D-Link or its authorized reseller or distributor. D-Link would fulfill the warranty obligation according to the local warranty policy in which you purchased our products.
provided only to the original licensee, and is subject to the terms and conditions of the license granted by D-Link for the Software. The Warranty Period shall extend for an additional ninety (90) days after any replacement Software is delivered.
Initial installation, installation and removal of the product for repair, and shipping costs; Operational adjustments covered in the operating manual for the product, and normal maintenance; Damage that occurs in shipment, due to act of God, failures due to power surge, and cosmetic damage; and Any hardware, software, firmware or other products or services provided by anyone other than D-Link.
D-Link is a registered trademark of D-Link Corporation/ D-Link International Ptd Ltd. All other trademarks belong to their respective proprietors.
Copyright Statement
No part of this publication may be reproduced in any form or by any means or used to make any derivative such as translation, transformation, or adaptation without permission from D-Link Corporation/ D-Link International Ptd Ltd.