Systems Switch User Manual

ManualsBrandsD-Link ManualsSwitchDGS-3700

User Manual

Product Model:

DGS-3700 Series

Layer 2 Managed Gigabit Ethernet Switch

Release 1.00

Summary of content (292 pages)

PAGE 2
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual _________________________________________________________________________________ Information in this document is subject to change without notice. © 2009 D-Link Corporation. All rights reserved. Reproduction in any manner whatsoever without the written permission of D-Link Corporation is strictly forbidden.
PAGE 3
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Table of Contents Preface......................................................................................................................................................................... xi Intended Readers ......................................................................................................................................................... 1 Typographical Conventions.......................................
PAGE 4
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Telnet Settings ............................................................................................................................................................ 30 Password Encryption .................................................................................................................................................. 31 Clipaging Settings ......................................................................
PAGE 5
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual DDM Bias Current Threshold Settings ..................................................................................................................................... 63 DDM Tx Power Threshold Settings .......................................................................................................................................... 64 DDM Rx Power Threshold Settings .........................................................
PAGE 6
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual MLD Snooping Multicast VLAN Settings ................................................................................................................................ 102 IPv6 Multicast Profile Settings................................................................................................................................................ 103 IPv6 Limited Multicast Range Settings ................................................
PAGE 7
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual 802.1p User Priority .................................................................................................................................................. 137 QoS Scheduling Mechanism .................................................................................................................................... 137 QoS Scheduling ......................................................................................
PAGE 8
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual SSH Authmode and Algorithm Settings ................................................................................................................................. 169 SSH User Authentication Lists ............................................................................................................................................... 170 Access Authentication Control .........................................................
PAGE 9
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual RADIUS Authentication.......................................................................................................................................................... 233 RADIUS Account Client ......................................................................................................................................................... 234 Authenticator State ........................................................
PAGE 10
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Download Firmware .................................................................................................................................................. 258 Reboot System ......................................................................................................................................................... 258 Mitigating ARP Spoofing Attacks Using Packet Content ACL ....................................
PAGE 11
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Preface The DGS-3700 Series User Manual is divided into sections that describe the system installation and operating instructions with examples. Section 1, Introduction to Web-based Switch Management – Describes how to connect to and use the Webbased switch management feature on the Switch.
PAGE 12
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Intended Readers The DGS-3700 Series Manual contains information for setup and management of the Switch. This manual is intended for network managers familiar with network management concepts and terminology. Typographical Conventions Convention Description [] In a command line, square brackets indicate an optional entry. For example: [copy filename] means that optionally you can type copy followed by the name of the file.
PAGE 13
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Section 1 Web-based Switch Configuration Introduction Login to Web Manager Web-based User Interface Web Pages Introduction All software functions of the Switch can be managed, configured and monitored via the embedded web-based (HTML) interface. The Switch can be managed from remote stations anywhere on the network through a standard browser such as Opera, Netscape Navigator/Communicator, or Microsoft Internet Explorer.
PAGE 14
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 1 - 1 Enter Network Password dialog Enter “admin” in both the User Name and Password fields and click OK. This will open the Web-based user interface. The Switch management features available in the web-based manager are explained below.
PAGE 15
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Area 2 Area 1 Area 3 Figure 1 - 2 Main Web-Manager page Area Function Area 1 Select the folder or window to be displayed. The folder icons can be opened to display the hyperlinked window buttons and subfolders contained within them. Click the D-Link logo to go to the DLink website. Area 2 Presents a graphical near real-time image of the front panel of the Switch.
PAGE 16
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Below is a list and description of the main folders available in the web interface: Configuration – A detailed discussion about configuring some of the basic functions of the Switch, accessing the System information, Serial Port Settings, IP Address, Interface Settings, IPv6 Route Settings, IPv6 Neighbor Settings, Port Configuration, Static ARP Settings, User Accounts, System Log Configuration, System Severity Settings, DHCP Relay,
PAGE 17
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Section 2 Configuration Device Information System Information Serial Port Settings IP Address Interface Settings IPv6 Route Settings IPv6 Neighbor Settings Port Configuration Static ARP Settings User Accounts System Log Configuration System Severity Settings DHCP Relay Out of Band Management Settings External Alarm Settings DHCP Auto Configuration Settings MAC Address Aging Time Web Settings Telnet Settings Password Encryption Cli
PAGE 18
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Device Information This window contains the main settings for all major functions on the Switch and appears automatically when you log on. To return to the Device Information window, click the DGS-3700-12/DGS-3700-12G Web Management Tool folder.
PAGE 19
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 2 - 2 System Information window The fields that can be configured are described below: Parameter Description System Name Enter a system name for the Switch, if so desired. This name will identify it in the Switch network. System Location Enter the location of the Switch, if so desired. System Contact Enter a contact name for the Switch, if so desired. Click Apply to implement changes made.
PAGE 20
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual IP Address The IP address may initially be set using the console interface prior to connecting to it through the Ethernet. If the Switch IP address has not yet been changed, read the introduction of the DGS-3700 Series CLI Manual for more information.
PAGE 21
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Parameter Description Static Allows the entry of an IP address, Subnet Mask, and a Default Gateway for the Switch. These fields should be of the form xxx.xxx.xxx.xxx, where each xxx is a number (represented in decimal form) between 0 and 255. This address should be a unique address on the network assigned for use by the network administrator. DHCP The Switch will send out a DHCP broadcast request when it is powered up.
PAGE 22
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Setting the Swith’s IP Address using the Console Interface Each Switch must be assigned its own IP Address, which is used for communication with an SNMP network manager or other TCP/IP application (for example BOOTP, TFTP). The Switch’s default IP address is 10.90.90.90. You can change the default Switch IP address to meet the specification of your networking address scheme.
PAGE 23
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Enter the new VLAN Name and Admin. State and click Apply. To edit an entry for IPv4 features click the corresponding IPv4 Edit button. Figure 2 - 7 IPv4 Interface Settings Edit window The following parameters can be configured: Parameter Description Interface Name Displays the interface being edited. VLAN Name Enter the name of the VLAN corresponding to the interface. IPv4 Address Enter an alternative IPv4 address.
PAGE 24
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Automatic Link Local Address Enables or disables the automatic configuration of link local addresses when there are no IPv6 addresses explicitly configured. When an IPv6 address is explicitly configured, the link local address will be automatically configured, and the IPv6 processing will be started.
PAGE 25
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Parameter Description Interface Name Enter the interface name of the IPv6 neighbor you wish to configure. Neighbor Address Enter the neighbor IPv6 address of the entry you wish to configure. IPv6 Link Layer MAC Address Enter the MAC address of the neighbor device to be added as an IPv6 neighbor on the IP interface.
PAGE 26
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Parameter Description From Port / To Port Use the pull-down menus to select the port or range of ports to be configured. State Toggle this field to either enable or disable a given port or group of ports. Speed/Duplex Toggle the Speed/Duplex field to either select the speed and duplex/half-duplex state of the port. Auto denotes auto-negotiation between 10 and 100 Mbps devices, in full- or half-duplex.
PAGE 27
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 2 - 12 Port Description window Port Error Disabled The following window will display the information about ports that have had their connection status disabled, for reasons such as Loopback Detection or link down status. To view this window, click Configuration > Port Configuration > Port Error Disabled as shown below.
PAGE 28
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 2 - 14 Static ARP Settings window The following fields can be set: Parameter Description ARP Aging Time (0-65535) The user may globally set the maximum amount of time, in minutes, that an Address Resolution Protocol (ARP) entry can remain in the Switch’s ARP table, without being accessed, before it is dropped from the table. The value may be set in the range of 0-65535 minutes with a default setting of 20 minutes.
PAGE 29
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual level privileges. There are 3 levels of security offered on the Switch, the Operator level privilege will allow users to configure and view configurations on the Switch, except for those involving security features, which are still left to the Admin level privilege.
PAGE 30
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Community Strings and Trap Stations Yes Yes Read-only Update Firmware and Configuration Files Yes No No System Utilities Yes Yes No Factory Reset Yes No No Add/Update/Delete User Accounts Yes No No View User Accounts Yes No No User Account Management Table 2 - 1 Admin, Operator and User Privileges 19
PAGE 31
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual System Log Configuration This section contains information for configuring various attributes and properties for System Log Configurations, including System Log Settings and System Log Host. System Log Settings This window allows the user to enable or disable the System Log and specify the System Log Save Mode Settings.
PAGE 32
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Parameter Description Server ID Syslog server settings index (1-4). Server IP Address The IP address of the Syslog server. UDP Port (514 or 6000-65535) Type the UDP port number used for sending Syslog messages. The default is 514. Severity This drop-down menu allows you to select the level of messages that will be sent. The options are Warning, Informational, and All.
PAGE 33
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual System Severity Settings The Switch can be configured to allow alerts be logged or sent as a trap to an SNMP agent or both. The level at which the alert triggers either a log entry or a trap message can be set as well. Use the System Severity Settings menu to set the criteria for alerts. The current settings are displayed below the Settings menu.
PAGE 34
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual DHCP Relay The DHCP Relay folder contains six windows regarding the DHCP relay functions on the Switch. The DHCP windows include DHCP Relay Global Settings, DHCP Relay Interface Settings, DHCP Relay Option 60 Default Settings, DHCP Relay Option 60 Settings, DHCP Realy Option 61 Default Settings and DHCP Relay Option 61 Settings.
PAGE 35
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual DHCP relay information (option 82 field) in messages between DHCP servers and clients, and the check and policy settings will have no effect. DHCP Relay Agent Information Option 82 Check This field can be toggled between Enabled and Disabled using the pull-down menu. It is used to enable or disable the Switches ability to check the validity of the packet’s option 82 field.
PAGE 36
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual The Implementation of DHCP Information Option 82 on the Switch The config dhcp_relay option_82 command configures the DHCP relay agent information option 82 setting of the switch. The formats for the circuit ID sub-option and the remote ID sub-option are as follows: NOTE: For the circuit ID sub-option of a standalone switch, the module field is always zero. Circuit ID sub-option format: 1. 2. 1 3. 6 1 byte 1 byte 4. 5. 6.
PAGE 37
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual DHCP Relay Interface Settings This window allows the user to set up a server, by IP address, for relaying DHCP information to the Switch. The user may enter a previously configured IP interface on the Switch that will be connected directly to the DHCP/BOOTP server using the following window. Properly configured settings will be displayed in the DHCP Relay Interface Table at the bottom of the following window.
PAGE 38
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual DHCP Relay Option 60 Settings This window is used to configure option 60 relay rules on the Switch. Different strings can be specified for the same relay server, and the same string can be specified with multiple relay servers. The system will relay the packet to all the matching servers.
PAGE 39
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual DHCP Relay Option 61 Settings This command is used to add a rule to the relay server based on option 61. The matching rule can be based on either the MAC address or by using a user-specified string. Only one relay server can be specified for a MAC-address or a string.
PAGE 40
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Parameter Description IP Address Enter the IP address of the interface. Subnet Mask Enter the Subnet mask of the interface. Gateway Enter the default gateway of the out of band management networks. Status Allows the user to Enable or Disable the IP interface. Link Status Displays the current configurations of the out of band management interface. Click Apply to implement changes.
PAGE 41
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual When DHCP autoconfiguration is Enabled, the Switch becomes a DHCP client automatically after rebooting. The DHCP server must have the TFTP server IP address and configuration file name, and be configured to deliver this information in the data field of the DHCP reply packet. The TFTP server must be running and have the requested configuration file in its base directory when the request is received from the Switch.
PAGE 42
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Password Encryption Password Encryption Status can be Enabled or Disabled in this window, it is Disabled by default. Password encryption allows the user to encrypt a password in the configuration file for additional security. Select Enabled to change the password into encrypted form. When password encryption is disabled, the password will be in plain text form.
PAGE 43
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual otherwise configured by the user. Version States the firmware version. Size (Bytes) States the size of the corresponding firmware, in bytes. Update Time States the specific time the firmware version was downloaded to the Switch. From States the IP address of the origin of the firmware. There are five ways firmware may be downloaded to the Switch.
PAGE 44
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Size(bytes) Displays the size of the configuration file, in bytes. Update time Displays the time that the configuration file was updated to the Switch. From Displays the location from which the configuration file was uploaded. User Displays the name of the user (device) that updated this configuration file. Unknown users will be displayed as Anonymous.
PAGE 45
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual choose a specific number of times to ping the Target IP Address by entering a number between 1 and 255. Timeout Select a timeout period between 1 and 10 seconds for this Ping message to reach its destination. If the packet fails to find the IPv4 address in this specified time, the Ping packet will be dropped. IPv6 Ping Test Target IP Address Enter the Target IPv6 Address of the host.
PAGE 46
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual the pull-down menus. Loopback Mode This function allows the user to select MAC Internal/MAC External or PHY Internal/PHY External. MAC and PHY represent the layer on which the loopback is performed while the Internal or External represents the local loopback mode. State Select Enable to start internal loopback test; for external loopback, set port(s) to external loopback mode.
PAGE 47
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual SNTP Settings The Simple Network Time Protocol Settings can be configured in the next two windows. Time Settings This window is used to configure the time settings for the Switch.
PAGE 48
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual TimeZone Settings The following window is used to configure time zones and Daylight Savings time settings for SNTP. To view this window, click Configuration > SNTP Settings > TimeZone Settings as shown below: Figure 2 - 42 Time Zone and DST Settings window The following parameters can be set: Parameter Description Time Zone and DST Daylight Saving Time State Use this pull-down menu to enable or disable the DST Settings.
PAGE 49
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual From :Which Week of the Month Enter the week of the month that DST will start. From: Day of the Week Enter the day of the week that DST will start on. From: Month Enter the month DST will start on. From: Time in HH:MM Enter the time of day that DST will start on. To: Which Week of the Month Enter the week of the month the DST will end. To: Day of the Week Enter the day of the week that DST will end.
PAGE 50
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 2 - 43 MAC Notification Global Settings window The following parameters may be viewed and modified: Parameter Description State Enable or disable MAC notification globally on the Switch. Interval (1-2147483647 sec) The time in seconds between notifications. History Size (1-500) The maximum number of entries listed in the history log used for notification. Up to 500 entries can be specified.
PAGE 51
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual SNMP Settings Simple Network Management Protocol (SNMP) is an OSI Layer 7 (Application Layer) designed specifically for managing and monitoring network devices. SNMP enables network management stations to read and modify the settings of gateways, routers, switches, and other network devices.
PAGE 52
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual SNMP Global State Settings The SNMP Global State Settings is used to globally enable or disable the SNMP Settings on the switch. To view this window, click Configuration > SNMP Settings > SNMP Global State Settings as shown below: Figure 2 - 45 SNMP Global State Settings window SNMP View Table This window is used to assign views to community strings that define which MIB objects can be accessed by a remote SNMP manager.
PAGE 53
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual SNMP Group Table An SNMP Group created with this table maps SNMP users (identified in the SNMP User Table) to the views created in the previous menu. To view this window, click Configuration > SNMP Settings > SNMP Group Table as shown below: Figure 2 - 47 SNMP Group Table window To delete an existing SNMP Group Table entry, click the corresponding Delete button.
PAGE 54
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual SNMP User Table This window displays all of the SNMP User's currently configured on the Switch and also allows you to add new users. To view this window, click Configuration > SNMP Settings > SNMP User Table as shown below: Figure 2 - 48 SNMP User Table window The following parameters may be set: Parameter Description User Name An alphanumeric string of up to 32 characters. This is used to identify the SNMP users.
PAGE 55
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Password Enter a Password when SNMP V3 Encryption is enabled for Password mode. Key Enter a Key when SNMP V3 Encryption is enabled for Key mode. To implement changes made, click Apply. To delete an existing SNMP User Table entry, click the corresponding Delete button.
PAGE 56
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual SNMP Host Table The SNMP Host Table window is used to set up SNMP trap recipients. To view this window, click Configuration > SNMP Settings > SNMP Host Table as shown below: Figure 2 - 50 SNMP Host Table window The following parameters can set: Parameter Description Host IP Address Type the IP address of the remote management station that will serve as the SNMP host for the Switch.
PAGE 57
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual monitor and control network devices. SNMPv2 – Specifies that SNMP version 2 will be used. The SNMP v2 supports both centralized and distributed network management strategies. It includes improvements in the Structure of Management Information (SMI) and adds some security features. SNMPv3 – Specifies that SNMP version 3 will be used.
PAGE 58
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual SNMP Trap Configuration The following window is used to enable and disable trap settings for the SNMP function on the Switch. To view this window, click Configuration > SNMP Settings > SNMP Trap Configuration as shown below: Figure 2 - 53 SNMP Trap Configuration window To enable or disable the Traps State and/or the Authenticate Traps State, use the corresponding pull-down menu to change and click Apply.
PAGE 59
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual sFlow The sFlow folder contains four windows to enable and configure the sFlow settings on the Switch. sFlow Global State Settings This table is used to enable or disable the sFlow Global State Settings on the Switch. The sFlow version, address and state configurations can also be viewed in this table.
PAGE 60
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual timeout value will become 400 automatically. Timeout (1-2000000) The length of time before the server is timed out. When the analyzer server times out, all of the flow samplers and counter pollers associated with this analyzer server will be deleted. “Infinite” indicates that the analyzer server will never time out. If not specified, the default value is 400. Collector Address The IP address of the analyzer server.
PAGE 61
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual sFlow Counter Poller Settings This window is used to create the sflow counter poller settings on the Switch. Within the sflow counter poller function, the port statistics counter information will be forwarded to the server at the configured interval. These counters are RFC 2233 counters.
PAGE 62
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Single IP Management Simply put, D-Link Single IP Management is a concept that will stack switches together over Ethernet instead of using stacking ports or modules. There are some advantages in implementing the "Single IP Management" feature: 1. SIM can simplify management of small workgroups or wiring closets while scaling the network to handle increased bandwidth demand. 2.
PAGE 63
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual The Upgrade to v1.6 To better improve SIM management, the DGS-3700 Series has been upgraded to version 1.6 in this release. Many improvements have been made, including: 1. The Commander Switch (CS) now has the capability to automatically rediscover member switches that have left the SIM group, either through a reboot or web malfunction.
PAGE 64
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 2 - 60 Single IP Settings window (enabled) The following parameters can be set: Parameters Description SIM State Use the pull-down menu to either enable or disable the SIM state on the Switch. Disabled will render all SIM functions on the Switch inoperable. Role State Use the pull-down menu to change the SIM role of the Switch.
PAGE 65
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 2 - 61 Single IP Management window – Tree View The Tree View window holds the following information under the Data tab: Parameter Description Device Name This field will display the Device Name of the switches in the SIM group configured by the user. If no Device Name is configured by the name, it will be given the name default and tagged with the last six digits of the MAC Address to identify it.
PAGE 66
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 2 - 62 Topology view This window will display how the devices within the Single IP Management Group are connected to other groups and devices. Possible icons in this screen are as follows: Icon Description Group Layer 2 commander switch Layer 3 commander switch Commander switch of other group Layer 2 member switch.
PAGE 67
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Tool Tips In the Topology view window, the mouse plays an important role in configuration and in viewing device information. Setting the mouse cursor over a specific device in the topology window (tool tip) will display the same information about a specific device as the Tree view does. See the window below for an example.
PAGE 68
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Right-Click Right-clicking on a device will allow the user to perform various functions, depending on the role of the Switch in the SIM group and the icon associated with it. Group Icon Figure 2 - 65 Right-Clicking a Group Icon The following options may appear for the user to configure: Collapse – To collapse the group that will be represented by a single icon. Expand – To expand the SIM group, in detail.
PAGE 69
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Commander Switch Icon Figure 2 - 67 Right-Clicking a Commander Icon The following options may appear for the user to configure: Collapse – To collapse the group that will be represented by a single icon. Expand – To expand the SIM group, in detail. Property – To pop up a window to display the group information.
PAGE 70
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 2 - 70 Input password window Property – To pop up a window to display the device information, as shown below. Menu Bar The Single IP Management window contains a menu bar for device configurations, as seen below. Figure 2 - 71 Menu Bar of the Topology View The five menus on the menu bar are as follows. File Print Setup – Will view the image to be printed. Print Topology – Will print the topology map.
PAGE 71
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 2 - 73 About window Firmware Upgrade This screen is used to upgrade firmware from the Commander Switch to the Member Switch. Member Switches will be listed in the table and will be specified by Port (port on the CS where the MS resides), MAC Address, Model Name and Version. To specify a certain Switch for firmware download, click its corresponding check box under the Port heading.
PAGE 72
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Upload Log File The following window is used to upload log files from SIM member switches to a specified PC. To upload a log file, enter the Server IP address of the SIM member switch and then enter a Path\Filename on your PC where you wish to save this file. Click Upload to initiate the file transfer.
PAGE 73
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 2 - 78 DDM Settings window The following fields can be configured: Parameter Description Trap Log Specifies whether or not to send the trap and log, when the operating parameter exceeds the alarm or warning threshold. From Port / To Port Specifies a port or range of ports to be configured. State Specifies to Enable or Disable the DDM settings state.
PAGE 74
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual DDM Voltage Threshold Settings This table is used to configure the DDM Voltage Threshold Settings for specific ports on the Switch. To view this window, click Configuration > DDM > DDM Voltage Threshold Settings as shown below: Figure 2 - 80 DDM Voltage Threshold Settings window The following fields can be configured: Parameter Description From Port / To Port Specifies a port or range of ports to be configured.
PAGE 75
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual High Warning This is the highest threshold for the warning. When the operating parameter rises above this value, action associated with the warning is taken. Low Warning This is the lowest threshold for the warning. When the operating parameter falls below this value, action associated with the warning is taken. Click Apply to implement changes made.
PAGE 76
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual The following fields can be configured: Parameter Description From Port / To Port Specifies a port or range of ports to be configured. High Alarm This is the highest threshold for the alarm. When the operating parameter rises above this value, action associated with the alarm will be taken. Low Alarm This is the lowest threshold for the alarm.
PAGE 77
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Section 3 L2 Features Jumbo Frame 802.1Q VLAN Subnet VLAN QinQ 802.
PAGE 78
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual VLANs Understanding IEEE 802.1p Priority Priority tagging is a function defined by the IEEE 802.1p standard designed to provide a means of managing traffic on a network where many different types of data may be transmitted simultaneously. It is intended to alleviate problems associated with the delivery of time critical data over congested networks.
PAGE 79
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual IEEE 802.1Q VLANs Some relevant terms: Tagging – The act of putting 802.1Q VLAN information into the header of a packet. Untagging – The act of stripping 802.1Q VLAN information out of the packet header. Ingress port – A port on a switch where packets are flowing into the Switch and VLAN decisions must be made.
PAGE 80
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual 802.1Q VLAN Tags The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the EtherType field. When a packet's EtherType field is equal to 0x8100, the packet carries the IEEE 802.1Q/802.1p tag.
PAGE 81
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Port VLAN ID Packets that are tagged (are carrying the 802.1Q VID information) can be transmitted from one 802.1Q compliant network device to another with the VLAN information intact. This allows 802.1Q VLANs to span network devices (and indeed, the entire network, if all network devices are 802.1Q compliant). Unfortunately, not all network devices are 802.1Q compliant. These devices are referred to as tag-unaware. 802.
PAGE 82
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual same VID) as the ingress port. If it does not, the packet is dropped. If it has the same VID, the packet is forwarded and the destination port transmits it on its attached network segment. This process is referred to as ingress filtering and is used to conserve bandwidth within the Switch by dropping packets that are not on the same VLAN as the ingress port at the point of reception.
PAGE 83
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual VLAN and Trunk Groups The members of a trunk group have the same VLAN setting. Any VLAN setting on the members of a trunk group will apply to the other member ports. NOTE: In order to use VLAN segmentation in conjunction with port trunk groups, you can first set the port trunk group(s), and then you may configure VLAN settings.
PAGE 84
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 3 - 5 Double VLAN Example In this example, the Service Provider Access Network switch (Provider edge switch) is the device creating and configuring Double VLANs with different SPVIDs for specific customers (say Customer A and Customer B).
PAGE 85
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual • Web-based Access Control • IP Multicast Routing • GVRP • All Regular 802.1Q VLAN functions 802.1Q VLAN The 802.1Q VLAN window lists all previously configured VLANs by VLAN ID and VLAN Name. To view this window, click L2 Features > 802.1Q VLAN as shown below: Figure 3 - 6 Current 802.1Q Static VLANs Entries window To create a new 802.1Q VLAN entry or edit an existing one, click the Add/Edit VLAN tab at the top of the 802.
PAGE 86
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 3 - 7 802.1Q VLAN window – Add/Edit VLAN Tab To return to the 802.1Q VLAN window, click the VLAN List Tab at the top of the window. To change an existing 802.1Q VLAN entry, click the corresponding Edit button. A new window will appear to configure the port settings and to assign a unique name and number to the new VLAN. See the table below for a description of the parameters in the new menu.
PAGE 87
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Advertisement Enabling this function will allow the Switch to send out GVRP packets to outside sources, notifying that they may join the existing VLAN. Port Settings Allows an individual port to be specified as member of a VLAN. Tagged Specifies the port as 802.1Q tagged. Checking the box will designate the port as Tagged. Untagged Specifies the port as 802.1Q untagged. Checking the box will designate the port as untagged.
PAGE 88
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 3 - 10 802.1Q VLAN window – VLAN Batch Settings window The following fields can be set in the VLAN Batch Settings windows: Parameter Description VID List (e.g 2-5) Enter a VLAN ID List that can be added, deleted or configured. Advertisement Enabling this function will allow the Switch to send out GVRP packets to outside sources, notifying that they may join the existing VLAN. Port List (e.g.
PAGE 89
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Subnet VLAN Subnet VLAN Settings The subnet VLAN settings are used to create, find or delete a subnet VLAN entry. A subnet VLAN entry is an IP subnet-based VLAN classification rule. If an untagged or priority-tagged IP packet is received on a port, its source IP address will be used to match the subnet VLAN entries. If the source IP is in the subnet of an entry, the packet will be classified to the VLAN defined for this subnet.
PAGE 90
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 3 - 12 VLAN Precedence Settings window The following parameters can be configured: Parameter Description From Port / To Port Specify the port or range of ports you wish to configure. VLAN Precedence Use the drop down menu to select the VLAN precedence, choose either MAC Based VLAN or Subnet VLAN. MAC Based VLAN – Specifies that the MAC-based VLAN classification is given precedence over the subnet VLAN classification.
PAGE 91
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 3 - 13 QinQ Settings window The following fields can be set: Parameter Description From Port / To Port A consecutive group of ports that are part of the VLAN configuration starting with the selected port. Role The user can choose between UNI or NNI role. UNI – To select a user-network interface which specifies that communication between the specified user and a specified network will occur.
PAGE 92
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 3 - 14 VLAN Translation Settings window The following fields can be set: Parameter Description From Port / To Port A consecutive group of ports that are part of the VLAN configuration starting with the selected port. CVID (1-4094) The customer VLAN ID List to which the tagged packets will be added. Action Specify if you want SPVID packets to be added or replaced.
PAGE 93
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual 802.1v Protocol VLAN 802.1v Protocol Group Settings The table allows the user to create Protocol VLAN groups and add protocols to that group. The 802.1v Protocol VLAN Group Settings supports multiple VLANs for each protocol and allows the user to configure the untagged ports of different protocols on the same physical port. For example it allows the user to configure an 802.1Q and 802.1v untagged port on the same physical port.
PAGE 94
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual 802.1v Protocol VLAN Settings The table allows the user to configure Protocol VLAN settings. The lower half of the table displays any previously created settings. To view this window, click L2 Features > 802.1v Protocol VLAN > 802.
PAGE 95
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual RSPAN Settings This table controls the RSPAN function. The purpose of the RSPAN function is to mirror the packets to a remote switch. The packet travels from the switch where the monitored packet is received, through the intermediate switch, then to the switch where the sniffer is attached. The first switch is also named the source switch. RSPAN VLAN mirroring will only work when RSPAN Global Settings are enabled.
PAGE 96
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual The following fields can be set: Parameter Description From Port / To Port These two fields allow you to specify the range of ports that will be included in the Port-based VLAN that you are creating using the 802.1Q Port Settings window. GVRP The Group VLAN Registration Protocol (GVRP) enables the port to dynamically become a member of a VLAN. GVRP is Disabled by default. PVID The read-only field in the 802.
PAGE 97
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Leave All Time (100-100000) The time in milliseconds that specifies the amount of time the Switch will take to Leave All groups. The default is 10000. The Leave All Time must be greater than the Leave Time. NNI BPDU Address This specifies the GVRP’s pdu MAC address of the NNI port. Dot1d – Specifies GVRP’s pdu MAC address of NNI port using 802.1d. Dot1ad – Specifies GVRP’s pdu MAC address of NNI port using 802.1ad.
PAGE 98
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Port Trunking Understanding Port Trunk Groups Port trunk groups are used to combine a number of ports together to make a single high-bandwidth data pipeline. DGS-3700 Series supports up to 6 port trunk groups with 2 to 8 ports in each group. A potential bit rate of 8000 Mbps can be achieved. Figure 3 - 23 Example of Port Trunk Group The Switch treats all ports in a trunk group as a single port.
PAGE 99
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual same VLAN, and their STP status, static multicast, traffic control; traffic segmentation and 802.1p default priority configurations must be identical. Port locking, port mirroring and 802.1X must not be enabled on the trunk group. Further, the aggregated links must all be of the same speed and should be configured as full duplex.
PAGE 100
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual LACP Port Settings The LACP Port Settings window is used to create port trunking groups on the Switch. Using the following window, the user may set which ports will be active and passive in processing and sending LACP control frames.
PAGE 101
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Traffic Segmentation Traffic segmentation is used to limit traffic flow from a single port to a group of ports on either a single switch or a group of ports on another switch in a switch stack. This method of segmenting the flow of traffic is similar to using VLANs to limit traffic, but is more restrictive. It provides a method of directing traffic that does not increase the overhead of the Master switch CPU.
PAGE 102
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual BPDU Tunneling Settings This table is used to configure the BPDU Tunneling port types. When the device is operated with Q-in-Q enabled, DA will be replaced by the tunnel multicast address, and the BPDU will be tagged with the tunnel VLAN based on the Qin-Q VLAN configuration and the tunnel/uplink setting.
PAGE 103
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual IGMP Snooping Internet Group Management Protocol (IGMP) snooping allows the Switch to recognize IGMP queries and reports sent between network stations or devices and an IGMP host. When enabled for IGMP snooping, the Switch can open or close a port to a specific device based on IGMP messages passing through the Switch.
PAGE 104
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Time Query Interval (1-65535) The Query Interval field is used to set the time (in seconds) between transmitting IGMP queries. Entries between 1 and 65535 seconds are allowed. Default = 125. Max Response Time (1-25) This determines the maximum amount of time in seconds allowed before sending an IGMP response report. The Max Response Time field allows an entry between 1 and 25 (seconds). Default = 10.
PAGE 105
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual IGMP Snooping Rate Limit Settings This table allows the user to configure the rate of IGMP snooping control packets that are allowed per port or VLAN.
PAGE 106
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual IGMP Multicast Group Profile Settings This table allows the user to create igmp multicast group profiles and specify multicast address lists on the Switch.
PAGE 107
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual State Use the drop-down menu to toggle between Enabled and Disabled. Replace Source IP Enter an IP address that new IP address to be used. Member Port (e.g.:1-4,6) Select the ports that will be members of the Multicast VLAN. (Eg. Ports 1 to 4 and port 6) Source Port (e.g.:1-4,6) Select the source Port for the Multicast VLAN. Tagged Member Port (e.g.:1-4,6) Select the ports that will be tagged as members of the VLAN.
PAGE 108
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 3 - 38 IP Multicast Address Group List Settings – Group List window Enter the multicast Address List starting with the lowest in the range, and click Add. To return to the IP Multicast Profile Settings window, click the <
PAGE 109
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual MLD Snooping Multicast Listener Discovery (MLD) Snooping is an IPv6 function used similarly to IGMP snooping in IPv4. It is used to discover ports on a VLAN that are requesting multicast data.
PAGE 110
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 3 - 42 MLD Snooping Parameters Settings – Edit window The following parameters may be viewed or modified: Parameter Description VLAN ID This is the VLAN ID that, along with the VLAN Name, identifies the VLAN for which to modify the MLD Snooping Settings. VLAN Name This is the VLAN Name that, along with the VLAN ID, identifies the VLAN for which to modify the MLD Snooping Settings.
PAGE 111
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Click Apply to implement any changes made and <
PAGE 112
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 3 - 45 MLD Snooping Rate Limit Settings – Edit window Enter the new rate limit and click Apply.
PAGE 113
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 3 - 47 MLD Multicast Group Profile Settings window To configure the group list once a profile has been created, click on the hyperlinked Group List to reveal the following window: Figure 3 - 48 Multicast Group Profile Multicast Address Settings window – Group List Enter the Multicast Address List and click Add the new information will be displayed in the table.
PAGE 114
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Tagged Member Port (e.g.:1-4,6) Select the ports that will be tagged as members of the VLAN. To modify an entry click the corresponding Modify button. To remove an entry click the corresponding Delete button. IPv6 Multicast Profile Settings The IPv6 Multicast Profile Settings window allows the user to add a profile to which multicast IPv6 address(es) reports are to be received on specified ports or VLANs on the Switch.
PAGE 115
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual IPv6 Limited Multicast Range Settings The IPv6 Limited Multicast Range Settings enables the user to configure the ports or VLANs on the switch that will be involved in the Limited IPv6 Multicast Range. The user can configure the range of IPv6 multicast addresses that will be accepted on the ports or VLANs.
PAGE 116
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Port Mirror The Switch allows you to copy frames transmitted and received on a port and redirect the copies to another port. You can attach a monitoring device to the mirrored port, such as a sniffer or an RMON probe, to view details about the packets passing through the first port. This is useful for network monitoring and troubleshooting purposes.
PAGE 117
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Loopback Detection Settings The Loopback Detection function is used to detect the loop created by a specific port. This feature is used to temporarily shutdown a port on the Switch when a loop detecting packet has been looped back to the switch. When the Switch detects that these packets are received from a port or a VLAN, it signifies a loop on the network.
PAGE 118
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Spanning Tree This Switch supports three versions of the Spanning Tree Protocol; 802.1D-2004 STP compatible, 802.11d-2004 Rapid STP and 802.1q-2005 MSTP. 802.1D STP will be familiar to most networking professionals. However, since 802.1w RSTP has been recently introduced to D-Link managed Ethernet switches, a brief introduction to the technology is provided below followed by a description of how to set up 802.1D STP and 802.
PAGE 119
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual P2P Port A P2P port is also capable of rapid transition. P2P ports may be used to connect to other bridges. Under RSTP, all ports operating in full-duplex mode are considered to be P2P ports, unless manually overridden through configuration. 802.1D and 802.1w Compatibility RSTP can interoperate with legacy equipment and is capable of automatically adjusting BPDU packets to 802.1D format when necessary.
PAGE 120
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual STP Bridge Global Settings This window is used to enable and configure the STP bridge global settings on the Swtich. To view this window, click L2 features > Spanning Tree > STP Bridge Global Settings as shown below: Figure 3 - 57 STP Bridge Global Settings window The following parameters can be set: Parameter Description STP State Use the radio buttons to enable or disable the STP Status.
PAGE 121
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Max Hops (1-20) Used to set the number of hops between devices in a spanning tree region before the BPDU (bridge protocol data unit) packet sent by the Switch will be discarded. Each switch on the hop count will reduce the hop count by one until the value reaches zero. The Switch will then discard the BPDU packet and the information held for the port will age out. The user may set a hop count from 1 to 20. The default is 20.
PAGE 122
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual STP Port Settings This window is used to configure the STP Port Settings on the Swtich. STP can be set up on a port per port basis.
PAGE 123
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Migrate Setting this parameter as Yes will set the ports to send out BPDU packets to other bridges, requesting information on their STP setting If the Switch is configured for RSTP, the port will be capable to migrate from 802.1D STP to 802.1w RSTP. Migration should be set as yes on ports connected to network stations or segments that are capable of being upgraded to 802.1w RSTP on all or some portion of the segment.
PAGE 124
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Parameter Description Configuration Name A previously configured name set on the Switch to uniquely identify the MSTI (Multiple Spanning Tree Instance). If a configuration name is not set, this field will show the MAC address to the device running MSTP. This field can be set in the STP Bridge Global Settings window.
PAGE 125
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 3 - 61 STP Instance Settings - View window MSTP Port Information This window displays the current MSTP Port Information and can be used to update the port configuration for an MSTI ID. If a loop occurs, the MSTP function will use the port priority to select an interface to put into the forwarding state. Set a higher priority value for interfaces to be selected for forwarding first.
PAGE 126
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Forwarding & Filtering This folder contains windows for Unicast Forwarding, Multicast Forwarding and Multicast Filtering Mode.
PAGE 127
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual The following parameters can be set: Parameter Description VID The VLAN ID of the VLAN to which the corresponding MAC address belongs. Multicast MAC Address The MAC address of the static source of multicast packets. This must be a multicast MAC address.
PAGE 128
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual LLDP Global Settings This window is used to configure the LLDP Global Settings on the Switch. When LLDP is enabled the Switch can start to transmit, receive and process LLDP packets. The specific function of each port will depend on the per port LLDP settings. LLDP Global State is Disabled by default.
PAGE 129
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual LLDP Port Settings This window is used to display the LLDP port settings on the Switch. The ports can be individually configured to send notifications to configured SNMP trap receivers.
PAGE 130
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual LLDP Management Address List This window is used to find the LLDP management address information on the Switch. To view this window, click L2 Features > LLDP > LLDP Management Address List as shown below: Figure 3 - 68 LLDP Management Address List window The following parameters can be set: Parameter Description Address Use the drop down menu to select either the IPv4 or IPv6 Address.
PAGE 131
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Port Description Use the drop-down menu to enable or disable port description. System Name Use the drop-down menu to enable or disable system name. System Description Use the drop-down menu to enable or disable system description. System Capabilities Use the drop-down menu to enable or disable system capabilities. Click Apply to implement changes made.
PAGE 132
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Tree Protocol, the Link Aggregation Contol Protocol, and numerous vendor proprietary variations are responsible for maintaining the topology and connectivity of the network. If EAPOL, GVRP, STP (including MSTP), and LACP protocol identity is enabled on this port and it is enabled to be advertised, then this protocol identity will be advertised. Click Apply to implement changes made.
PAGE 133
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual To view this window, click L2 Features > LLDP > LLDP Statistics System as shown below: Figure 3 - 72 LLDP Statistics System window LLDP Local Port Information LLDP Local Port Information window displays the information on a per port basis currently available for populating outbound LLDP advertisements in the local port brief table shown below.
PAGE 134
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 3 - 75 LLDP Local Port Information (Show Detail) window To return to the LLDP Local Port Information window click the <
PAGE 135
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 3 - 78 CFM Port Settings window Enter the port list you wish to Enable and click Apply. CFM CCM PDUs Forwarding Mode This window is used to configure the CFM CCM PDU forwarding mode on the Switch. By default the CCM message is handled and forwarded by software. The software can handle the packet based on behaviour defined by the standard.
PAGE 136
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 3 - 81 CFM MIPCCM List window Connectivity Fault Management Settings This window is used to configure the CFM settings on the Switch. To view this window, click L2 Features > CFM > Connectivity Fault Management Settings as shown below: Figure 3 - 82 Connectivity Fault Management Settings window The following parameters can be set or are displayed: Parameter Description CFM State Used to Enable or Disable the CFM State.
PAGE 137
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual MIP This setting controls the creation of MIPs. None – Means that no MIPs will be created. This is the default value. Auto – MIPs are created when the next lower active MD-level on the port is reached or there are no lower active MD levels. Explicit – MIPs are created when the next lower active MD-level on the port is reached. SenderID TLV Used to define the TLV data types of the maintenance domain.
PAGE 138
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual LBMs Priority The 802.1p priority to be set in the transmitted LBMs. If not specified it uses the same priority as CCMs and LTMs sent by the MEP. Click Apply to implement changes made. CFM Linktrace Settings This window is used to configure the CFM linktrace settings on the Switch.
PAGE 139
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Ethernet OAM Ethernet OAM Settings This window is used to configure the ports Ethernet OAM mode. In Active mode the ports can initiate OAM discovery and start or stop remote loopback. When a port in OAM enabled, any change to the OAM mode will cause the OAM discovery to be restarted.
PAGE 140
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Ethernet OAM Configuration Settings This window is used to configure and display the primary controls and status information for Ethernet OAM on the Switch.
PAGE 141
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Section 4 QoS HOL Blocking Pevention Bandwidth Control Traffic Control 802.1p Default Priority 802.1p User Priority QoS Scheduling Mechanism QoS Scheduling In Band Manage Settings SRED The DGS-3700 Series supports 802.1p priority queuing Quality of Service. The following section discusses the implementation of QoS (Quality of Service) and benefits of using 802.1p priority queuing.
PAGE 142
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 4 - 1 Mapping QoS on the Switch The picture above shows the default priority setting for the Switch. Class-7 has the highest priority of the eight priority queues on the Switch. In order to implement QoS, the user is required to instruct the Switch to examine the header of a packet to see if it has the proper identifying tag tagged.
PAGE 143
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual For strict priority-based scheduling, any packets residing in the higher priority queues are transmitted first. Multiple strict priority queues empty based on their priority tags. Only when these queues are empty, are packets of lower priority transmitted. For weighted round-robin queuing, the number of packets sent from each priority queue depends upon the assigned weight.
PAGE 144
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual HOL Blocking Pevention This window is used to enable HOL Prevention Settings on the Switch. To view this window, click QoS > HOL Blocking Prevention Settings as shown below: Figure 4 - 2 HOL Prevention Settings window Bandwidth Control The bandwidth control settings are used to place a ceiling on the transmitting and receiving data rates for any selected port.
PAGE 145
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Rate (64-1024000) This field allows you to enter the data rate, in Kbits per second, that will be the limit for the selected port. The value must be a multiple of 64, between 64 and 1024000. Click Apply to set the bandwidth control for the selected ports. Results of configured Bandwidth Settings will be displayed in the Bandwidth Control Table on the lower half of the window.
PAGE 146
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual The following parameters can be configured: Parameter Description Traffic Control Settings From Port / To Port A consecutive group of ports may be configured starting with the selected port. Action Select the method of traffic Control from the pull-down menu.
PAGE 147
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual NOTE: Ports that are in the Shutdown forever mode will be seen as Discarding in Spanning Tree windows and implementations though these ports will still be forwarding BPDUs to the Switch’s CPU. NOTE: Ports that are in Shutdown Forever mode will be seen as link down in all windows and screens until the user recovers these ports. 802.1p Default Priority The Switch allows the assignment of a default 802.
PAGE 148
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual 802.1p User Priority The Switch allows the assignment of a user priority to each of the 802.1p priorities. To view this window, click QoS > 802.1p User Priority as shown below: Figure 4 - 6 802.1p User Priority window Once you have assigned a priority to the port groups on the Switch, you can then assign this Class to each of the 7 levels of 802.1p priorities. Click Apply to set your changes.
PAGE 149
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 4 - 7 QoS Scheduling Mechanism The following parameters can be configured. Parameter Description From Port / To Port Enter the port or port list you wish to configure. Scheduling Mechanism Strict – The highest class of service is the first to process traffic. That is, the highest class of service will finish before other queues empty.
PAGE 150
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 4 - 8 QoS Scheduling The following parameters can be configured: Parameter Description From Port / To Port Enter the port or port list you wish to configure. Class ID Select the Class ID, from 0-7, to configure for the QoS parameters. Scheduling Mechanism Strict – The highest class of service is the first to process traffic. That is, the highest class of service will finish before other queues empty.
PAGE 151
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 4 - 9 In Band Manage Settings Select the priority and click Apply. SRED Simple random early detection (sRED) is a simplified RED mechanism based on ASIC capability. Random Early Detection (RED) is a congestion avoidance mechanism at the gateway in packet switched networks. RED gateways keep the average queue size low while allowing occasional bursts of packets in the queue.
PAGE 152
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual From port / To port A consecutive group of ports may be configured starting with the selected port. Class ID Select the Class ID, from 0-7, to configure for the SRED parameters. Selecting all will set the parameters configured here for all CoS queues.
PAGE 153
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual SRED Drop Counter This window is used to view the SRED Drop Counter settings on the Switch. To view this window, click QoS > SRED > SRED Drop Counter as shown below: Figure 4 - 11 SRED Drop Counter window DSCP Trust Settings This window is used to enable DSCP Trust Settings on the Switch.
PAGE 154
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 4 - 13 DSCP Map Settings window The following parameters may be set: Parameter Description From port / To port A consecutive group of ports may be configured starting with the selected port. DSCP Map Use the drop-down menu to choose a DSCP Map, you can choose between DSCP Priority, DSCP DSCP and DSCP Color.
PAGE 155
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual 802.1p Map Settings This window is used to enable 802.1p Map Settings. To view this window, click QoS > SRED > 802.1p Map Settings as shown below: Figure 4 - 14 DSCP Map Settings window The following parameters may be set: Parameter Description From port / To port A consecutive group of ports may be configured starting with the selected port. Priority List(0-7) This parameter is specified if you want to re-write the 802.
PAGE 156
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Section 5 Security Safeguard Engine Trusted Host IP-MAC-Port Binding Port Security DHCP Server Screening Settings 802.1X SSL Settings SSH Access Authentication Control MAC-based Access Control Web Authentication NetBIOS Filtering Safeguard Engine Periodically, malicious hosts on the network will attack the Switch by utilizing packet flooding (ARP Storm) or other methods.
PAGE 157
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 5 - 1 Mapping QoS on the Switch For every consecutive checking interval that reveals a packet flooding issue, the Switch will double the time it will accept a few ingress ARP and IP broadcast packets. In the example above, the Switch doubled the time for dropping ARP and IP broadcast packets when consecutive flooding issues were detected at 5-second intervals.
PAGE 158
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Parameter Description Rising Threshold Used to configure the acceptable level of CPU utilization before the Safeguard Engine mechanism is enabled. Once the CPU utilization reaches this percentage level, the Switch will move into the Exhausted state. Falling Threshold Used to configure the acceptable level of CPU utilization as a percentage, where the Switch leaves the Exhausted state and returns to normal mode.
PAGE 159
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Switch will send a trap message to the SNMP agent and the Switch log when an ARP packet is received that doesn’t match the IP-MAC binding configuration set on the Switch.
PAGE 160
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual From Port / To Port Select a port or range of ports to set for IP-MAC Binding. State Use the pull-down menu to Enable or Disable these ports for IP-MAC Binding. Enabled Strict – This mode provides a stricter method of control. If the user selects this mode, all packets will be sent to the CPU, thus all packets will not be forwarded by the hardware until the S/W learns the entries for the ports.
PAGE 161
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual IMP Binding Entry Settings This table is used to create Static IP MAC Binding Port entries on the switch. To view this window, click Security > IP-MAC-Port Binding > IMP Binding Entry Settings as shown below: Figure 5 - 6 IMP Binding Entry Settings window The following fields can be set or modified: Parameter Description IP Address Enter the IP address to bind to the MAC address set below.
PAGE 162
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual DHCP Snooping Entries This table is used to view dynamic entries on specific ports. To view particular port settings, enter the port number and click Find. To view all entries click View All, and to delete an entry, click Clear.
PAGE 163
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 5 - 9 Port Security Port Settings window The following parameters can be set: Parameter Description From Port / To Port A consecutive group of ports may be configured starting with the selected port. Admin State This pull-down menu allows you to enable or disable Port Security (locked MAC address table for the selected ports).
PAGE 164
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Parameter Description VLAN Name Specifies a VLAN or list of VLANs by VLAN Name. VLAN ID (e.g.:1,4-6) Specifies a VLAN or list of VLANs by VLAN ID. Max Learning Address Specifies the maximum number of port-security entries that can be learned by this VLAN. If this parameter is set to 0, no user can get authorization on this VLAN.
PAGE 165
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual DHCP Screening Port Settings The Switch supports DHCP Server Screening, a feature that denies access to rogue DHCP servers. When the DHCP server filter function is enabled, all DHCP server packets will be filtered from a specific port.
PAGE 166
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Client’s MAC Address The MAC address of the DHCP client. Only multiple legal DHCP servers on the network need to be entered in this field. If there is only one legal DHCP server on the network, no input to this field is allowed. Ports Choose the range of ports that you want to use as the DHCP server, or check the All Ports box if you wish to use all the ports on the switch. Click Apply to implement changes. 802.1X 802.
PAGE 167
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual connected to a port on the Switch must be authenticated by the Authentication Server (RADIUS) before attaining any services offered by the Switch on the LAN.
PAGE 168
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Client The Client is simply the endstation that wishes to gain access to the LAN or switch services. All endstations must be running software that is compliant with the 802.1X protocol. For users running Windows XP or Windows Vista, that software is included within the operating system. All other users are required to attain 802.1X client software from an outside source.
PAGE 169
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Understanding 802.1X Port-based and Host-based Network Access Control The original intent behind the development of 802.1X was to leverage the characteristics of point-to-point in LANs. As any single LAN segment in such infrastructures has no more than two devices attached to it, one of which is a Bridge Port.
PAGE 170
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Host-Based Network Access Control Figure 5 - 21 Example of Typical Host-Based Configuration In order to successfully make use of 802.1X in a shared media LAN segment, it would be necessary to create “logical” Ports, one for each attached device that required access to the LAN.
PAGE 171
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual 802.1X Global Settings This window is used to configure the 802.1X Global Settings on the Switch. To view this window, click Security > 802.1X > 802.1X Global Settings as shown below: Figure 5 - 22 802.
PAGE 172
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual This window allows you to set the following features: Parameter Description From Port / To Port Enter the port or ports to be set. QuietPeriod (0-65535) This allows you to set the number of seconds that the Switch remains in the quiet state following a failed authentication exchange with the client. The default setting is 60 seconds.
PAGE 173
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual 802.1X User To create a new 802.1X User enter a user name and password then reconfirm the password and click Apply, the new user will be displayed in the lower half of the table. To delete an entry click the corresponding Delete button. To view this window, click Security > 802.1X > 802.1X User as shown below: Figure 5 - 24 802.
PAGE 174
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Confirm Key Re-enter the previously entered Key. Click Apply to implement changes. Initialize Port(s) This window allows you to initialize ports for the 802.1X Settings. This window will appear in the folder when the “enable 802.1x” command is entered into the command line interface or when the authentication mode is changed to Port Based or MAC Based in the 802.1X Global Settings window.
PAGE 175
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Guest VLAN Configuration On 802.1X security enabled networks, there is a need for non 802.1X supported devices to gain limited access to the network, due to lack of the proper 802.1X software or incompatible devices, such as computers running Windows 98 or lower operating systems, or the need for guests to gain access to the network without full authorization. To supplement these circumstances, this switch now implements 802.
PAGE 176
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Guest VLAN This window is used to configure the Guest VLAN on the Switch. To view this window, click Security > 802.1X > Guest VLAN as shown below: Figure 5 - 29 Guest VLAN window The following fields may be modified to enable the 802.1X Guest VLAN: Parameter Description VLAN Name Enter the pre-configured VLAN name to create as an 802.1X Guest VLAN. Port List Set the port list of ports to be enabled for the 802.1X Guest VLAN.
PAGE 177
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual the ciphersuites available, yet different ciphersuites will affect the security level and the performance of the secured connection. The information included in the ciphersuites is not included with the Switch and requires downloading from a third source in a file form called a certificate.
PAGE 178
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual SSL Ciphersuite Settings RSA with RC4_128_MD5 This ciphersuite combines the RSA key exchange, stream cipher RC4 encryption with 128bit keys and the MD5 Hash Algorithm. Use the pull-down menu to enable or disable this ciphersuite. This field is enabled by default. RSA with 3DES EDE CBC SHA This ciphersuite combines the RSA key exchange, CBC Block Cipher 3DES_EDE encryption and the SHA Hash Algorithm.
PAGE 179
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual SSH SSH is an abbreviation of Secure Shell, which is a program allowing secure remote login and secure network services over an insecure network. It allows a secure login to remote host computers, a safe method of executing commands on a remote end node, and will provide secure encrypted and authenticated communication between two non-trusted hosts.
PAGE 180
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual security shell encryptions. The available options are Never, 10 min, 30 min, and 60 min. The default setting is Never. Click Apply to implement changes made. SSH Authmode and Algorithm Settings The SSH Algorithm window allows the configuration of the desired types of SSH algorithms used for authentication encryption.
PAGE 181
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Cast128-CBC Check the box to enable the Cast128 encryption algorithm with Cipher Block Chaining. The default is enabled. Twofish128 Check the box to enable the twofish128 encryption algorithm. The default is enabled. Twofish192 Check the box to enable the twofish192 encryption algorithm. The default is enabled. Twofish256 Check the box to enable the twofish256 encryption algorithm. The default is enabled.
PAGE 182
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Password – This parameter should be chosen if the administrator wishes to use an administrator-defined password for authentication. Upon entry of this parameter, the Switch will prompt the administrator for a password, and then to re-type the password for confirmation. Public Key – This parameter should be chosen if the administrator wishes to use the publickey on a SSH server for authentication.
PAGE 183
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual The administrator for the Switch may set up six different authentication techniques per user-defined method list (TACACS/XTACACS/TACACS+/RADIUS/local/none) for authentication. These techniques will be listed in an order preferable, and defined by the user for normal user authentication on the Switch, and may contain up to eight authentication techniques.
PAGE 184
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Authentication Policy Settings This command will enable an administrator-defined authentication policy for users trying to access the Switch. When enabled, the device will check the Login Method List and choose a technique for user authentication upon login.
PAGE 185
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual a previously configured method list. The user may use the default Method List or other Method List configured by the user. See the Login Method Lists window, in this section, for more information. Enable Method List Using the pull-down menu, configure an application for normal login on the user level, utilizing a previously configured method list.
PAGE 186
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 5 - 38 Authentication Server Group Settings Edit window To add an Authentication Server Host to the list, enter its IP address in the IP Address field, choose the protocol associated with the IP address of the Authentication Server Host and click Add to add this Authentication Server Host to the group.
PAGE 187
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual IP Address The IP address of the remote server host the user wishes to add. Port (1-65535) Enter a number between 1 and 65535 to define the virtual port number of the authentication protocol on a server host. The default port number is 49 for TACACS/XTACACS/TACACS+ servers and 1813 for RADIUS servers but the user may set a unique port number for higher security. Protocol The protocol used by the server host.
PAGE 188
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 5 - 40 Login Method Lists window The Switch contains one Method List that is set and cannot be removed, yet can be modified. To delete a Login Method List defined by the user, click the corressponding Delete button. To modify a Login Method List, click on its corresponding Edit button.
PAGE 189
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual NOTE: To set the Local Enable Password, see the next section, entitled Local Enable Password. To view the following table, click Security > Access Authentication Control > Enable Method Lists as shown below: Figure 5 - 41 Enable Method List window To delete an Enable Method List defined by the user, click the correspoinding Delete button. To modify an Enable Method List, click its corresponding Edit button.
PAGE 190
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 5 - 42 Local Enable Password window To set the Local Enable Password, set the following parameters and click Apply.
PAGE 191
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 5 - 43 RADIUS Accounting Settings window MAC-based Access Control MAC-based Access Control is a method to authenticate and authorize access using either a port or host. For portbased MAC, the method decides port access rights, while for host-based MAC, the method determines the MAC access rights. A MAC user must be authenticated before being granted access to a network.
PAGE 192
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 5 - 44 MAC-based Access Control Settings window The following parameters may be viewed or set: Parameter Description Settings MBA Global State Click the radio buttons to globally enable or disable the MAC-based Access Control function on the Switch. Method Use the pull-down menu to choose the type of authentication to be used when authentication MAC addresses on a given port.
PAGE 193
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual unauthenticated state. The range is between 1 and 1440 minutes. The default is 1440. Hold Time (1-300) If a host fails to pass authentication, the next authentication will not started within hold time unless the user clears the entry state manually. The default is 300. Click Apply to implement changes.
PAGE 194
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Web Authentication Web authentication, also known as Web-based Access Control, is another port based access control method implemented similarily to the 802.1X port based access control method previously stated.
PAGE 195
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Conditions and Limitations 1. The subnet of the authentication VLAN’s IP interface must be the same as that of the client. If not configured properly, the authentication will be permanently denied by the authenticator. 2. If the client is utilizing DHCP to attain an IP address, the authentication VLAN must provide a DHCP server or a DHCP relay function so that client may obtain an IP address. 3.
PAGE 196
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual for users trying to access the network via the switch. This RADIUS server must have already been pre-assigned by the administrator using the RADIUS Server window located in the 802.1X section. Logout Timer (1-1440) The logout time in displayed in minutes, enter a value between 1 and 1440. Authentication VLAN Enter the VLAN name which users will be placed while authenticated by the Switch or a RADIUS server.
PAGE 197
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual User Name Enter the username of up to 15 alphanumeric characters of the guest wishing to access the web through this process. This field is for administrators who have selected local as their web based authenticator. VLAN Name Enter the VLAN name of a previously configured VLAN to which the successfully authenticated web user will be mapped. Password Enter the password the administrator has chosen for the selected user.
PAGE 198
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Section 6 ACL ACL Configuration Wizard Access Profile List CPU Access Profile List ACL Finder ACL Flow Meter Access profiles allow you to establish criteria to determine whether or not the Switch will forward packets based on the information contained in each packet's header. These criteria can be specified on a basis of Packet Content, MAC address, or IP address.
PAGE 199
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual From Use the drop-down menu to select from MAC Address, IPv4 Address or IPv6. To Use the drop-down menu to select from MAC Address, IPv4 Address or IPv6. When IPv6 is selected the user can only enter the IPv6 source address or the IPv6 destination address at any one time.
PAGE 200
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 6 - 3 Add Access Profile (Ethernet) If creating an Ethernet ACL enter the Profile ID and Profile Name and click Select the following window will appear.
PAGE 201
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 6 - 4 Add Ethernet ACL Profile window Click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration. To create a new entry enter the correct information and click Create. To return to the Access Profile List page click Back. The following parameters can be configured.
PAGE 202
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Ethernet Type Selecting this option instructs the Switch to examine the Ethernet type value in each frame's header. Click Create to view the new Access Profile List entry in the Access Profile List table shown below. To add another Access Profile click Add ACL Profile. To delete a profile click the corresponding Delete button, to view the specific configurations for an entry click the Show Details button.
PAGE 203
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 6 - 7 Access Profile Ethernet To set the Access Rule for Ethernet, adjust the following parameters and click Apply. Parameter Description Access ID (1-128) Type in a unique identifier number for this access. This value can be set from 1 to 128. Auto Assign – Ticking this check box will instruct the Switch to automatically assign an Access ID for the rule being created.
PAGE 204
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Precedence header. Time Range Name Tick the check box and enter the name of the Time Range settings that has been previously configured in the Time Range Settings window. This will set specific times when this access rule will be implemented on the Switch. Rx Rate (1-15624) Use this to limit Rx bandwidth for the profile being configured. This rate is implemented using the following equation: 1 value = 64Kbit/sec. (ex.
PAGE 205
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 6 - 10 Add IPv4 ACL Profile Click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration. To create a new entry enter the correct information and click Create. To return to the Access Profile List page click Back.
PAGE 206
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual code value. Select IGMP to instruct the Switch to examine the Internet Group Management Protocol (IGMP) field in each frame's header. Select Type to further specify that the access profile will apply an IGMP type value Select TCP to use the TCP port number contained in an incoming packet as the forwarding criterion. Selecting TCP requires that you specify a source port mask and/or a destination port mask.
PAGE 207
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 6 - 12 Access Profile Details (IPv4) To return to the Access Profile List click Show All Profiles, to add a rule to a previously configured entry click on the corresponding Add/View Rules, which will reveal the following window; Figure 6 - 13 Access Profile (IPv4) The following parameters may be configured for the IP (IPv4) filter.
PAGE 208
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Switch Replace DSCP Select this option to instruct the Switch to replace the DSCP value (in a packet that meets the selected criteria) with the value entered in the adjacent field. Replace ToS Precedence Select this option to instruct the Switch to replace the Type of Service as part of the packet header. VLAN Mask Allows the entry of a name for a previously configured VLAN.
PAGE 209
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 6 - 16 Add IPv6 ACL Profile Click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration. To create a new entry enter the correct information and click Create. To return to the Access Profile List page click Back.
PAGE 210
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Click Create to view the new Access Profile List entry in the Access Profile List table shown below. To add another Access Profile click Add ACL Profile. To delete a profile click the corresponding Delete button, to view the specific configurations for an entry click the Show Details button. To add a rule to the Access Profile entry, click the Add/View Rules button.
PAGE 211
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 6 - 19 Access Profile (IPv6) The following parameters may be configured for the IP (IPv6) filter. Parameter Description Access ID (1-128) Enter a unique identifier number for this access. This value can be set from 1 to 128. Class Specifies the IPv6 Class. Enter a value between 0 – 255. Flow Label Specifies the IPv6 Flow Label. Enter a value between 0 – FFFFF.
PAGE 212
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Precedence bits field in IPv4. Rx Rate (1-15624) Use this to limit Rx bandwidth for the profile being configured. This rate is implemented using the following equation: 1 value = 64Kbit/sec. (ex. If the user selects an Rx rate of 10 then the ingress rate is 640Kbit/sec.) The user many select a value between 1 and 15624 or tick the No Limit check box. The default setting is No Limit.
PAGE 213
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 6 - 22 Add Packet Content ACL Profile Click on the boxes at the top of the table, which will then turn red and reveal parameters for configuration. To create a new entry enter the correct information and click Create. To return to the Access Profile List page click Previous Page.
PAGE 214
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual able to inspect any specified content of a packet in different protocol layers. Click Apply to implement changes made. Click Create to view the new Access Profile List entry in the Access Profile List table shown below. To add another Access Profile click Add ACL Profile. To delete a profile click the corresponding Delete button, to view the specific configurations for an entry click the Show Details button.
PAGE 215
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 6 - 25 Access Profile (Packet Content) The following parameters may be configured for the Packet Content filter. Parameter Description Access ID (1-128) Type in a unique identifier number for this access. This value can be set from 1 to 128. Action Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below).
PAGE 216
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Counter Enable or disable the counter settings. Ports Specifies that the access rule will take effect on one port or a range of ports. VLAN Name Specifies the access rule will take effect on the VLAN Name specified. VLAN ID Specifies the access rule will take effect on the VLAN ID specified. Click Apply to display the following Access Rule List window.
PAGE 217
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual CPU Access Profile List In the following window, the user may globally enable or disable the CPU Interface Filtering State mechanism by using the radio buttons to change the running state. To view this window, click ACL > CPU Access Profile List as shown below: Choose Enabled to enable CPU packets to be scrutinized by the Switch and Disabled to disallow this scrutiny.
PAGE 218
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 6 - 29 Add CPU ACL Profile window for Ethernet Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 5. Select ACL Type Select profile based on Ethernet (MAC Address), IPv4 address, IPv6, or packet content mask. This will change the menu according to the requirements for the type of profile.
PAGE 219
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 6 - 30 CPU Access Profile Detail Information window for Ethernet The window shown below is the Add CPU ACL Profile window for IP (IPv4). Figure 6 - 31 Add CPU ACL Profile window for IP (IPv4) The following parameters may be configured for the IP (IPv4) filter. Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 5.
PAGE 220
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Destination IP Mask Enter an IP address mask for the destination IP address. Protocol Selecting this option instructs the Switch to examine the protocol type value in each frame's header. You must then specify what protocol(s) to include according to the following guidelines: Select ICMP to instruct the Switch to examine the Internet Control Message Protocol (ICMP) field in each frame's header.
PAGE 221
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 6 - 33 Add CPU ACL Profile window for IPv6 The following parameters may be configured for the IPv6 filter. Parameter Description Select Profile ID Use the drop-down menu to select a unique identifier number for this profile set. This value can be set from 1 to 5. Select ACL Type Select profile based on Ethernet (MAC Address), IPv4 address, IPv6, or packet content mask.
PAGE 222
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual To view the settings of a previously correctly created profile, click the corresponding Show Details button on the CPU Access Profile List window to view the following window: Figure 6 - 34 CPU Access Profile Detail Information window for IPv6 The window shown below is the Add CPU ACL Profile window for Packet Content.
PAGE 223
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual • • • • the 15th byte. 16-31 – Enter a value in hex form to mask the packet from byte 16 to byte 31. 32-47 – Enter a value in hex form to mask the packet from byte 32 to byte 47. 48-63 – Enter a value in hex form to mask the packet from byte 48 to byte 63. 64-79 – Enter a value in hex form to mask the packet from byte 64 to byte 79. Click Apply to set this entry in the Switch’s memory.
PAGE 224
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Action Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below). Select Deny to specify the packets that match the access profile to be filtered. Ethernet Type (0-FFFF) Selecting this option instructs the Switch to examine the Ethernet type value in each frame's header.
PAGE 225
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual To establish the rule for a previously created CPU Access Profile: To configure the Access Rules for IP, open the CPU Access Profile List window and click Add/View Rules for an IP entry. This will open the following window. Figure 6 - 40 CPU Access Rule List window for IP To remove a previously created rule, click the corresponding Delete Rules button.
PAGE 226
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 6 - 42 CPU Access Rule Detail Information window for IP To establish the rule for a previously created CPU Access Profile: To configure the Access Rules for IP, open the CPU Access Profile List window and click Add/View Rules for an IPv6 entry. This will open the following window. Figure 6 - 43 CPU Access Rule List window for IPv6 To remove a previously created rule, click the corresponding Delete Rules button.
PAGE 227
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual default quality of service or real time service packets. Time Range Name Tick the check box and enter the name of the Time Range settings that has been previously configured in the Time Range Settings window. This will set specific times when this access rule will be implemented on the Switch. Ports Specifies the access rule can take effect on one port or a range of ports.
PAGE 228
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Parameter Description Access ID (1-100) Type in a unique identifier number for this access. This value can be set from 1 to 100. Action Select Permit to specify that the packets that match the access profile are forwarded by the Switch, according to any additional rule added (see below). Select Deny to specify the packets that match the access profile to be filtered.
PAGE 229
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual To view this window, click ACL > ACL Flow Meter as shown below: Figure 6 - 50 ACL Flow Meter window The following fields may be configured: Parameter Description Profile ID The pre-configured Profile ID for which to configure the Flow Metering parameters. Access ID The pre-configured Access ID for which to configure the Flow Metering parameters.
PAGE 230
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Access ID (1-128) Enter the Access ID that will be used to configure the Flow Metering parameters, enter a value between 1 and 128. Mode Select the mode to be used either trTCM or srTCM and enter the corresponding information. trTCM – Two Rate Three Color Marker, marks packets green, yellow or red based on two rates and two burst sizes. It is useful when peak rates need to be enforced.
PAGE 231
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Section 7 Monitoring Device Status Cable Diagnostic CPU Utilization Port Utilization Packet Size Memory Utilization Packets Errors Port Access Control Browse ARP Table VLAN IGMP Snooping MLD Snooping Browse Session Table CFM MAC Address Table Browse VLAN Counter Statistics Ethernet OAM Historical Counter & Utilization System Log Device Status The Device Status window displays status information for Power Status, Temperature and S
PAGE 232
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 7 - 2 Cable Diagnostic window Enter the port number you wish to test and click Test, the results will be display on the lower half of the table. CPU Utilization The CPU Utilization window displays the percentage of the CPU being used, expressed as an integer percentage and calculated as a simple average by time interval.
PAGE 233
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Port Utilization The Port Utilization window displays the percentage of the total available bandwidth being used on the port. To view this window, click Monitoring > Port Utilization as shown below: Figure 7 - 4 Port Utilization window To select a port to view these statistics for, select the port by using the Port pull-down menu.
PAGE 234
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 7 - 5 Packet Size window To view the Packet Size Table window, click the link View Table, which will show the following table: Figure 7 - 6 Packet Size Table window The following fields can be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds.
PAGE 235
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual (excluding framing bits but including FCS octets). 65-127 The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets). 128-255 The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
PAGE 236
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 7 - 8 Received (RX) window (for Bytes and Packets) To view the Received (RX) Table window, click View Table. Figure 7 - 9 Received (RX) Table window (for Bytes and Packets) The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds.
PAGE 237
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Bytes Counts the number of bytes received on the port. Packets Counts the number of packets received on the port. Unicast Counts the total number of good packets that were received by a unicast address. Multicast Counts the total number of good packets that were received by a multicast address. Broadcast Counts the total number of good packets that were received by a broadcast address.
PAGE 238
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 7 - 11 UMB_cast (RX) Table window (for Unicast, Multicast, and Broadcast Packets) The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second.
PAGE 239
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual To view this window, click Monitoring > Packets > Transmitted (TX) as shown below: Figure 7 - 12 Transmitted (TX) window (for Bytes and Packets) To view the Transmitted (TX) Table window, click the link View Table. Figure 7 - 13 Transmitted (TX) Table window (for Bytes and Packets) The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics.
PAGE 240
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual 200. Bytes Counts the number of bytes successfully sent on the port. Packets Counts the number of packets successfully sent on the port. Unicast Counts the total number of good packets that were transmitted by a unicast address. Multicast Counts the total number of good packets that were transmitted by a multicast address. Broadcast Counts the total number of good packets that were transmitted by a broadcast address.
PAGE 241
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Errors The Web Manager allows port error statistics compiled by the Switch's management agent to be viewed as either a line graph or a table. Four windows are offered. Received (RX) To select a port to view these statistics for, select the port by using the Port pull-down menu. The user may also use the real-time graphic of the Switch at the top of the web page by simply clicking on a port.
PAGE 242
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual The following fields can be set: Parameter Description Port Use the drop-down menu to choose the port that will display statistics. Time Interval Select the desired setting between 1s and 60s, where "s" stands for seconds. The default value is one second. Record Number Select number of times the Switch will be polled between 20 and 200. The default value is 200.
PAGE 243
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 7 - 16 Transmitted (TX) window (for errors) To view the Transmitted (TX) Table window, click the link View Table, which will show the following table: Figure 7 - 17 Transmitted (TX) Table window (for errors) The following fields may be set or viewed: Parameter Description Port Use the drop-down menu to choose the port that will display statistics.
PAGE 244
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual CRC Error Counts otherwise valid packets that did not end on a byte (octet) boundary. LateColl Counts the number of times that a collision is detected later than 512 bit-times into the transmission of a packet. ExColl Excessive Collisions. The number of packets for which transmission failed due to excessive collisions. SingColl Single Collision Frames.
PAGE 245
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual as sysName in MIB II.) ServerIndex The identification number assigned to each RADIUS Authentication server that the client shares a secret with. AuthServerAddress The (conceptual) table listing the RADIUS authentication servers with which the client shares a secret. ServerPortNumber The UDP port the client is using to send requests to this server.
PAGE 246
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 7 - 19 RADIUS Account Client window The user may also select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds. The default value is one second. To clear the current statistics shown, click the Clear button in the top left hand corner.
PAGE 247
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual PacketsDropped The number of RADIUS packets, which were received from this server on the accounting port and dropped for some other reason. Authenticator State The following section describes the 802.1X Status on the Switch. To view this window, click Monitoring > Port Access Control > Authenticator State as shown below: Figure 7 - 20 Authenticator State window (for MAC-based 802.
PAGE 248
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Authenticator Statistics This window contains the statistics objects for the Authenticator PAE associated with each port. An entry appears in this table for each port that supports the Authenticator function. To view this window, click Monitoring > Port Access Control > Authenticator Statistics as shown below: Figure 7 - 22 Authenticator Statistics window (for MAC-based 802.
PAGE 249
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Rx Resp The number of valid EAP Response frames (other than Resp/Id frames) that have been received by this Authenticator. Rx Invalid The number of EAPOL frames that have been received by this Authenticator in which the frame type is not recognized. Rx Error The number of EAPOL frames that have been received by this Authenticator in which the Packet Body Length field is invalid.
PAGE 250
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual The user may select the desired time interval to update the statistics, between 1s and 60s, where “s” stands for seconds. The default value is one second. The following fields can be viewed: Parameter Description Port The identification number assigned to the Port by the System in which the Port resides. Octets Rx The number of octets received in user data frames on this port during the session.
PAGE 251
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 7 - 26 Authenticator Diagnostics window The following fields can be viewed: Parameter Description Port The identification number assigned to the Port by the System in which the Port resides. Connect Enter Counts the number of times that the state machine transitions to the CONNECTING state from any other state.
PAGE 252
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual CONNECTING, as a result of a reauthentication request (reAuthenticate = TRUE). Authed Start Counts the number of times that the state machine transitions from AUTHENTICATED to CONNECTING, as a result of an EAPOL-Start message being received from the Supplicant.
PAGE 253
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 7 - 27 Browse ARP Table window VLAN The following windows are used to configure the VLAN settings of the Switch. Browse VLAN This window allows the VLAN status for each of the Switch's ports to be viewed by VLAN. Enter a VID (VLAN ID) in the field at the top of the window and click the Find button.
PAGE 254
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Show VLAN Ports This window allows the VLAN status for each of the Switch's ports to be viewed by VLAN. Enter a VID (VLAN ID) in the field at the top of the window and click the Find button. To view this window, click Monitoring > VLAN > Show VLAN Ports as shown below: Figure 7 - 29 Show VLAN Ports window IGMP Snooping The following windows are used to configure the IGMP Snooping settings of the Switch.
PAGE 255
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 7 - 31 IGMP Snooping Group window Enter the appropriate information and click Find, the information will be shown in the IGMP Snooping Group Table. The following field can be viewed: Parameter Description VLAN Name The VLAN ID of the multicast group. VLAN (e.g.:1,4-6) List Group IP Address The VLAN ports of the multicast group. The IP address of the multicast group.
PAGE 256
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 7 - 33 Browse IGMP Snooping Counter window Enter the VLAN Name, VLAN List or Port List of the VLAN you wish to view and click Find. MLD Snooping Browse MLD Router Port This window displays which of the Switch’s ports are currently configured as router ports in IPv6. A router port configured by a user (using the console or Web-based management interfaces) is displayed as a static router port, designated by S.
PAGE 257
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 7 - 35 MLD Snooping Group window Enter a VLAN Name or VLAN List and Group IP Address in the appropriate field and click the Find button. MLD Snooping Forwarding Table This window is used to display the current MLD snooping forwarding information on the Switch.
PAGE 258
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Browse MLD Snooping Counter This window is used to display the current MLD snooping counter information on the Switch. To view this window, click Monitoring > MLD Snooping > Browse MLD Snooping Counter as shown below: Figure 7 - 37 Browse MLD Snooping Counter window Browse Session Table This window displays the management sessions since the Switch was last rebooted.
PAGE 259
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual CFM Packet Counter CCM List This window displays the CCM database entries on the Switch. To view this window, click Monitoring > CFM > CFM Packet Counter CCM List as shown below: Figure 7 - 40 CFM Packet Count CCM List window Browse CFM Fault MEP This window will display the fault conditions detected by the MEPs on the Switch.
PAGE 260
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual MAC Address Table This allows the Switch's dynamic MAC address forwarding table to be viewed. When the Switch learns an association between a MAC address and a port number, it makes an entry into its forwarding table. These entries are then used to forward packets through the Switch.
PAGE 261
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual The functions used in the VLAN Counter Statistic table are described below: Parameter Description VID List (e.g.:1,46) Specifies the VLAN ID list that you wish to view. VLAN Name Specifies the VLAN Name. VID (1-4094) Specifies the VLAN ID. Port List Specifies the ports that are attached to the VLAN. Enter the appropriate information and click Find, the informationwill be displayed in the VLAN Counter Statistics Table.
PAGE 262
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 7 - 46 Browse Ethernet OAM Statistics window 251
PAGE 263
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Historical Counter & Utilization This folder contains two windows to view statistics about packets sent and received by the Switch and Historical Utilization of the CPU and memory. Browse Historical Counter This window is used to display statistics about the packets sent and received by the Switch. The counters are set up in 15 minute and one day intervals.
PAGE 264
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Browse Historical Utilization This window displays information regarding the historical utilization of the CPU and memory. The counters are set up in 15 minute and one day intervals. There is a maximum of five 15 minute historical utilization entries supported for each port, with one being the most recent 15 minutes of data.
PAGE 265
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Parameter Description Log Type Choose the type of log to view. There are two choices: Regular Log – Choose this option to view regular switch log entries, such as logins or firmware transfers. Attack Log – Choose this option to view attack log files, such as spoofing attacks. Index A counter incremented whenever an entry to the Switch's history log is made. The table displays the last entry (highest sequence number) first.
PAGE 266
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Section 8 Save Services and Tools Save Configuration ID 1 Save Configuration ID 2 Save Log Save All Configuration File Backup & Restore Upload Log File Reset Download Firmware Reboot System The four Save windows include: Save Configuration 1, Save Configuration 2, Save Log, and Save All. Each version of the window will aid the user in saving configurations to the Switch’s memory.
PAGE 267
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Save Configuration ID 2 Open the Save drop-down menu at the top of the Web manager and click Save Configuration ID 2 to open the following window: Figure 8 - 2 Save Configuration ID 2 window Save Log Open the Save drop-down menu at the top of the Web manager and click Save Log to open the following window: Figure 8 - 3 Save Log window Save All Open the Save drop-down menu at the top of the Web manager and click Save All to open
PAGE 268
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Configuration File Backup & Restore The Switch supports dual image storage for configuration file backup and restoration. The firmware and configuration images are indexed by ID number 1 or 2. To change the boot firmware image, use the Configuration ID drop-down menu to select the desired configuration file to backup or restore. The default Switch settings will use image ID 1 as the boot configuration or firmware.
PAGE 269
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Figure 8 - 7 Reset System window Download Firmware The following window is used to download firmware for the Switch. Figure 8 - 8 Download Firmware window Enter the Server IP address, the Interface Name, the path/file name and select the desired Image ID. Click Download to initiate the file transfer. Reboot System The following window is used to restart the Switch.
PAGE 270
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL Address Resolution Protocol (ARP) is the standard method for finding a host's hardware address (MAC address) when only its IP address is known. This protocol is vulnerable because it can spoof the IP and MAC information in the ARP packets to attack a LAN (known as ARP spoofing).
PAGE 271
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual address FF-FF-FF-FF-FF-FF 00-20-5C-01-11-11 Table-2 (Ethernet frame format) When the switch receives the frame, it will check the “Source Address” in the Ethernet frame’s header. If the address is not in its Forwarding Table, the switch will learn PC A’s MAC and the associated port into its Forwarding Table.
PAGE 272
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual When PC B replies to the ARP request, its MAC address will be written into “Target H/W Address” in the ARP payload shown in Table-3. The ARP reply will be then encapsulated into the Ethernet frame again and sent back to the sender. The ARP reply is in a form of Unicast communication.
PAGE 273
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual How ARP spoofing attacks a network ARP spoofing, also known as ARP poisoning, is a method to attack an Ethernet network which may allow an attacker to sniff data frames on a LAN, modify the traffic, or stop the traffic altogether (known as a Denial of Service - DoS attack). The principle of ARP spoofing is to send the fake, or spoofed ARP messages to an Ethernet network.
PAGE 274
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Gratuitous ARP Ethernet Sender H/W address Sender protocol address Target H/W address Target protocol address (2-byte) (6-byte) (4-byte) (6-byte) (4-byte) ARP reply 00-20-5C-01-11-11 10.10.10.254 00-20-5C-01-11-11 10.10.10.
PAGE 275
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual • Prevent ARP spoofing via packet content ACL Concerning the common DoS attack today caused by the ARP spoofing, D-Link managed switch can effectively mitigate it via its unique Packet Content ACL. For that reason the basic ACL can only filter ARP packets based on packet type, VLAN ID, Source and Destination MAC information, there is a need for further inspections of ARP packets.
PAGE 276
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Offset Chunk Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Offset Chunk0 Chunk1 Chunk2 Chunk3 Chunk4 Chunk5 Chunk6 Chunk7 Chunk8 Chunk9 Chunk10 Chunk11 Chunk12 Chunk13 Chunk14 Chunk15 Byte 127 3 7 11 15 19 23 27 31 35 39 43 47 51 55 59 Byte 128 4 8 12 16 20 24 28 32 36 40 44 48 52 56 60 Byte 1 5 9 13 17 21 25 29 33 37 41 45 49
PAGE 277
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual 266
PAGE 278
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Appendix B System Log Entries The following table lists all possible entries and their corresponding meanings that will appear in the System Log of this Switch.
PAGE 279
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Interface Console Web SSL Telnet SNMP STP Log message upload was unsuccessful Log message upload by was unsuccessful! (Username: ) Port link up Port link up, Informational Port link down Port link down Informational Successful login through Console Successful login through Console (Username: ) Informational Log
PAGE 280
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Spanning Tree Protocol is disabled SSH AAA Spanning Tree Protocol is disabled Successful login through SSH Successful login through SSH (Username: , IP: , MAC: ) Informational Informational Login failed through SSH Login failed through SSH (Username: , IP: Warning , MAC: ) Logout through SSH Logout through SSH (Username: , IP: , MAC: ) Inform
PAGE 281
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Login failed through Telnet authenticated by AAA local method Login failed through Telnet from authenticated by AAA local method (Username: , MAC: ) Successful login through SSH Successful login through SSH from authenticated by AAA local authenticated by AAA local method (Username: method , MAC: ) Warning Informational Login failed through SSH authenticated by AAA local
PAGE 282
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual server , MAC: ) Login failed through Telnet authenticated by AAA server Login failed through Telnet from authenticated by AAA server (Username: , MAC: ) Successful login through SSH Successful login through SSH from authenticated by AAA server authenticated by AAA server (Username: , MAC: ) Warning Informational Login failed thro
PAGE 283
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Successful Enable Admin Successful Enable Admin through SSH from Informational through SSH authenticated by authenticated by AAA none method (Username: AAA none method , MAC: ) Successful Enable Admin through Console authenticated by AAA server Successful Enable Admin through Console authenticated by AAA server (Username: ) Enable Admin failed through Console authenticated by AAA s
PAGE 284
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Web(SSL) from due due to AAA server timeout or improper configuration to AAA server timeout or (Username: ,MAC: ) improper configuration. Login failed through Telnet from user due to AAA server timeout or improper configuration.
PAGE 285
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual Unauthenticated IP address Unauthenticated IP-MAC address and discarded by Warning encountered and discarded by IP-MAC port binding (IP: , MAC: , IP-MAC port binding Port: ) Loop-back Detection LBD loop occurred Port LBD loop occurred. Port blocked Critical LBD port recovered. Loop detection restarted Port LBD port recovered.
PAGE 286
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual MAC-AC host aged out (MAC: %s, port: %s, VID: %d) Informational DDM IP and Password Changed Critical Port %d SFP %s exceeded the %s warning threshold Warning IP Address change activity Management IP address was changed by (Username: Informational ) Password change activity Password was changed by (Username: ) Informational Dual Excution error encountered Configuration druring system boot-up 802.
PAGE 287
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual , VID: ) Login Fail MAC-AC login rejected (MAC: , port: , VID: ) Warning Aged out MAC-AC host aged out (MAC: , port: , VID: ) Informational DGS-3700 Series Trap List Trap Name/OID coldStart Variable Bind None Format V2 RFC1907 1.3.6.1.6.3.1.1.5.1 WarmStart Severity Critical (SNMPv2-MIB) None V2 RFC1907 1.3.6.1.6.3.1.1.5.
PAGE 288
DGS-3700-12/DGS-3700-12G Series Layer 2 Gigabit Ethernet Switch User Manual swPowerStatusChg swPowerStatusChgSeverity V2 EQUIPMENTMIB Warning swFanFailureSeverity V2 EQUIPMENTMIB Warning swFanRecoverSeverity V2 EQUIPMENTMIB Warning V2 MBA-MIB Warning 1.3.6.1.4.1.171.12.35.11.1.0.
PAGE 289
Appendix C Glossary 1000BASE-SX: A short laser wavelength on multimode fiber optic cable for a maximum length of 500 meters 1000BASE-LX: A long wavelength for a "long haul" fiber optic cable for a maximum length of 10 kilometers 1000BASE-T: 1000Mbps Ethernet implementation over Category 5E cable. 100BASE-FX: 100Mbps Ethernet implementation over fiber. 100BASE-TX: 100Mbps Ethernet implementation over Category 5 and Type 1 Twisted Pair cabling. 10BASE-T: The IEEE 802.
PAGE 290
LAN - Local Area Network: A network of connected computing resources (such as PCs, printers, servers) covering a relatively small geographic area (usually not larger than a floor or building). Characterized by high data rates and low error rates. latency: The delay between the time a device receives a packet and the time the packet is forwarded out of the destination port. line speed: See baud rate. main port: The port in a resilient link that carries data traffic in normal operating conditions.
PAGE 291
Appendix D Password Recovery Procedure This section describes the procedure for resetting passwords on D-Link Switches. Authenticating any user who tries to access networks is necessary and important. The basic authentication method used to accept qualified users is through a local login, utilizing a Username and Password. Sometimes, passwords get forgotten or destroyed, so network administrators need to reset these passwords.
PAGE 292
Command Parameters {} reset. show account The show account command displays all previously created accounts.