manualshive.com logo in svg

D-Link DES-3528 - xStack Switch - Stackable, Reference Manual

The D-Link DES-3528 is a powerful stackable xStack Switch designed to provide seamless connectivity for your network. With its exceptional specifications, this product ensures high-speed data transfer and reliable performance. To explore its complete features, you can easily download the user manual for free from our website.

Share
Download
background image

xStack® DES-3528/DES-3552 Series Layer 2 Stackable Fast Ethernet Managed Switch Web UI Reference Guide 

chunk0 chunk1 chunk2

…… 

chunk29

chunk30

chunk31 

B126, 
B127, 

B0, 

B1 

B2, 

B3, 

B4, 

B5 

B6, 

B7, 

B8, 

B9 

…… B114, 

B115, 

B116, 

B117 

B118, 

B119, 

B120, 

B121 

B122, 

B123, 

B124, 

B125 

 

Example:  
 offset_chunk_1 0  0xffffffff will match packet byte offset 126,127,0,1  
   
 offset_chunk_1 0  0x0000ffff will match packet byte offset,0,1 

 

NOTE:

 Only one packet_content_mask profile can be created. 

With this advanced unique Packet Content Mask (also known as Packet Content Access Control List - 
ACL), the 

D-Link xStack

®

 switch family can effectively mitigate some network attacks like the 

common ARP Spoofing attack that is wide spread today. This is why the Packet Content ACL 
is able to inspect any specified content of a packet in different protocol layers. 

 

Click the 

Select 

button to select an ACL type.  

Click the 

Create 

button

 

to create a profile. 

Click the 

<<Back

 button to discard the changes made and return to the previous page. 

 

After clicking the 

Show Details

 button, the following page will appear: 

 

Figure 7-19 Access Profile Detail Information (Packet Content ACL) 

 

Click the 

Show All Profiles 

button to navigate back to the 

Access Profile List

 Page. 

 

 

NOTE:

 Address Resolution Protocol (ARP) is the standard for finding a host’s hardware address (MAC 

address). However, ARP is vulnerable as it can be easily spoofed and utilized to attack a LAN (i.e. 
an ARP spoofing attack). For a more detailed explanation on how ARP protocol works and how to 
employ D-Link’s unique Packet Content ACL to prevent ARP spoofing attack, please see Appendix 
E at the end of this manual. 

 

After clicking the 

Add/View Rules

 button, the following page will appear: 

 

Figure 7-20 Access Rule List (Packet Content ACL) 

 

181 

 

Summary of Contents for DES-3528 - xStack Switch - Stackable

Page 1: ...Web UI Reference Guide ProductModel xStack DES 3528 DES 3552 Series Layer2ManagedStackable Fast Ethernet Switch Release 2 6 September 2010...

Page 2: ...ssion of D Link Corporation is strictly forbidden Trademarks used in this text D Link and the D LINK logo are trademarks of D Link Corporation Microsoft and Windows are registered trademarks of Micros...

Page 3: ...Firmware Information Settings 8 Port Configuration 9 Port Settings 9 Port Description Settings 10 Port Error Disabled 11 Jumbo Frame Settings 12 PoE 12 PoE System Settings 13 PoE Port Settings 14 Seri...

Page 4: ...Settings 48 SNMP Community Table Settings 49 SNMP Group Table Settings 50 SNMP Engine ID Settings 51 SNMP User Table Settings 52 SNMP Host Table Settings 53 SNMPv6 Host Table Settings 53 RMON Settings...

Page 5: ...S Settings 127 LLDP 130 LLDP Global Settings 130 LLDP Port Settings 131 LLDP Management Address List 133 LLDP Basic TLVs Settings 133 LLDP Dot1 TLVs Settings 134 LLDP Dot3 TLVs Settings 136 LLDP Stati...

Page 6: ...PU Ethernet ACL Profile 185 Adding a CPU IPv4 ACL Profile 188 Adding a CPU IPv6 ACL Profile 192 Adding a CPU Packet Content ACL Profile 195 ACL Finder 198 ACL Flow Meter 199 Chapter 8 Security 202 802...

Page 7: ...s 244 Compound Authentication Guest VLAN Settings 246 Port Security 247 Port Security Settings 247 Port Security VLAN Settings 248 Port Security Entries 249 ARP Spoofing Prevention Settings 249 BPDU A...

Page 8: ...ngs 299 CFM Linktrace Settings 300 CFM Packet Counter 300 CFM Fault Table 301 CFM MP Table 302 Ethernet OAM 302 Ethernet OAM Settings 302 Ethernet OAM Configuration Settings 303 Ethernet OAM Event Log...

Page 9: ...35 Download Configuration File 335 Upload Configuration File 336 Upload Log File 337 Reset 338 Reboot System 338 Appendix A Mitigating ARP Spoofing Attacks Using Packet Content ACL 339 How Address Res...

Page 10: ...xample Open the File menu and choose Cancel Used for emphasis May also indicate system messages or prompts appearing on screen For example You have mail Bold font is also used to represent filenames p...

Page 11: ...ly with the Switch using the HTTP protocol The Web based management module and the Console program and Telnet are different ways to access the same internal switching software and configure it Thus al...

Page 12: ...itor the system status Areas of the User Interface The figure below shows the user interface Three distinct areas divide the user interface as described in the table Figure 1 2 Main Web Manager page 3...

Page 13: ...onality of the Switch L3 Features In this section the user will be able to configure features regarding the Layer 3 functionality of the Switch QoS In this section the user will be able to configure f...

Page 14: ...og on to the Switch To return to the Device Information window after viewing other windows click the DES 3528 DES 3552 Series link The Device Information window shows the Switch s MAC Address assigned...

Page 15: ...iate feature page for configuration System Information Settings The user can enter a System Name System Location and System Contact to aid in defining the Switch This window also displays the MAC Addr...

Page 16: ...information Parameter Description ID State the ID number of the configuration file located in the Switch s memory The Switch can store two configuration files for use ID 1 will be the default boot up...

Page 17: ...e ways firmware may be downloaded to the Switch R If the IP address has this letter attached it denotes a firmware upgrade through the serial port RS232 T If the IP address has this letter attached to...

Page 18: ...hoose the port or sequential range of ports using the From Port and To Port pull down menus 2 Use the remaining pull down menus to configure the parameters described below The fields that can be confi...

Page 19: ...et for 1000M Full_Master the other side of the connection must be set for 1000M Full_Slave Any other configuration will result in a link down status for both ports Flow Control Displays the flow contr...

Page 20: ...r the selected ports If configuring the Combo ports the Medium Type defines the type of transport medium to be used whether Copper or Fiber Description Users may then enter a description for the chose...

Page 21: ...ame Use the radio buttons to enable or disable the Jumbo Frame function on the Switch The default is Disabled The maximum frame size is 1536 bytes Click the Apply button to implement changes made PoE...

Page 22: ...e Power Limit for the PoE system enter a value between 37W and 370W for the DES 3528P DES 3552P in the Power Limit field The default setting is 370W When the total consumed power exceeds the power lim...

Page 23: ...en exceeded the next port attempting to power up is denied regardless of its priority If Power Disconnection Method is set to Deny Next Port the system cannot utilize out of its maximum power capacity...

Page 24: ...there are different PD classes and power consumption ranges Class 0 0 44 12 95W Class 1 0 44 3 84W Class 2 3 84 6 49W Class 3 6 49 12 95W Class 4 12 95W 29 5W only ports 1 8 The following is the power...

Page 25: ...to choose a method for which to save the switch log to the flash memory of the Switch To view the following window click System Configuration System Log Configuration System Log Settings as shown bel...

Page 26: ...ill be sent The options are Emergency Alert Critical Error Warning Notice Informational and Debug Server IPv4 Address Click the radio button and enter the IPv4 address of the Syslog server Server IPv6...

Page 27: ...P or ERPS Attack Log When selecting Attack Log all attacks will be listed Index A counter incremented whenever an entry to the Switch s history log is made The table displays the last entry highest se...

Page 28: ...triggers either a log entry or a trap message can be set as well Use the System Severity Settings window to set the criteria for alerts The current settings are displayed below the System Severity Ta...

Page 29: ...o identify this time range on the Switch This range name will be used in the Access Profile table to identify the access profile and associated rule to be enabled during this time range Hours This par...

Page 30: ...igure 2 17 User Accounts Settings window To add a new user type in a User Name and New Password and retype the same password in the Confirm New Password field Choose the level of privilege Admin Opera...

Page 31: ...t switches can be combined to be managed by one IP address through Telnet the GUI interface Web the console port or through SNMP Each switch of this series has two stacking ports located at the rear o...

Page 32: ...LED will flash between its given Box ID and H Backup Master The Backup Master is the backup to the Primary Master and will take over the functions of the Primary Master if the Primary Master fails or...

Page 33: ...is down Once the device has been removed the remaining switches will update their stacking topology database to reflect the change Any one of the three roles Primary Master Backup Master or Slave may...

Page 34: ...ensure the master role is unchanged when adding a new device to the current stacking topology If the Enabled radio button is selected the master s priority will become zero after the stacking has sta...

Page 35: ...s can be defined in the ARP table When static entries are defined a permanent entry is entered and is used to translate IP addresses to MAC addresses To view the following window click Management ARP...

Page 36: ...r 3 switch will see the ARP request from A This local proxy ARP function allows the Switch to respond to the proxy ARP if the source IP and destination IP are in the same interface To view the followi...

Page 37: ...ARP request packet while the IPIF interface become up This is used to automatically announce the interface s IP address to other nodes By default the state is disabled and only one gratuitous ARP pack...

Page 38: ...event log is Enabled Interface Name Enter the interface name of the Layer 3 interface Select All to enable or disable gratuitous ARP trap or log on all interfaces Interval Time Enter the periodically...

Page 39: ...t to the state option Click the Add button to add a new entry based on the information entered Click the Find button to locate a specific entry based on the information entered Click the Clear button...

Page 40: ...witch can access the Switch until a management VLAN is specified or Management Station IP addresses are assigned Interface Admin State Use the drop down menu to enable or disable the configuration on...

Page 41: ...NOTE To create IPv6 interfaces the user has to create an IPv4 interface then edit it to IPv6 Click the Add button to see the following window Figure 3 9 IPv4 Interface Settings Add window The fields...

Page 42: ...window The fields that can be configured are described below Parameter Description Interface Name Display the IPv6 interface name IPv6 State Use the drop down menu to enable or disable IPv6 State Inte...

Page 43: ...re information about loading a configuration file for use by a client see the DHCP server and or TFTP server software instructions The user may also consult the Upload Log File window description loca...

Page 44: ...ncept that will stack switches together over Ethernet instead of using stacking ports or modules There are some advantages in implementing the Single IP Management feature 1 SIM can simplify managemen...

Page 45: ...e following characteristics a It is not a CS or MS of another Single IP group b It is connected to the CS through the CS management VLAN The following rules also apply to the above roles Each device b...

Page 46: ...t picture 3 This version will support switch upload and downloads for firmware configuration files and log files as follows a Firmware The Switch now supports MS firmware downloads from a TFTP server...

Page 47: ...hold information sent to it from other switches utilizing the Discovery Interval The user may set the hold time from 100 to 255 seconds The default value is 100 seconds Click the Apply button to acce...

Page 48: ...ote Port Displays the number of the physical port on the MS or CaS to which the CS is connected The CS will have no entry in this field MAC Address Displays the MAC Address of the corresponding Switch...

Page 49: ...se plays an important role in configuration and in viewing device information Setting the mouse cursor over a specific device in the topology window tool tip will display the same information about a...

Page 50: ...display the group information Figure 3 21 Property window Parameter Description Device Name This field will display the Device Name of the switches in the SIM group configured by the user If no Devic...

Page 51: ...a single icon Expand To expand the SIM group in detail Property To pop up a window to display the group information Member Switch Icon Figure 3 23 Right clicking a Member icon The following options m...

Page 52: ...the device information Menu Bar The Single IP Management window contains a menu bar for device configurations as seen below Figure 3 26 Menu Bar of the Topology View File Print Setup Will view the im...

Page 53: ...Address where the firmware resides and enter the Path Filename of the firmware Click Download to initiate the file transfer To view the following window click Management Single IP Management Firmware...

Page 54: ...f variables managed objects is maintained by the SNMP agent and used to manage the device These objects are defined in a Management Information Base MIB which provides a standard presentation of the i...

Page 55: ...gement Information Base MIB stores management and counter information The Switch uses the standard MIB II Management Information Base module Consequently values for MIB objects can be retrieved from a...

Page 56: ...he fields that can be configured are described below Parameter Description SNMP Traps Enable this option to use the SNMP Traps feature SNMP Authentication Trap Enable this option to use the SNMP Authe...

Page 57: ...rts to use State Use the drop down menu to enable or disable the SNMP link change Trap Click the Apply button to accept the changes made SNMP View Table Settings Users can assign views to community st...

Page 58: ...hat an SNMP manager can access Click the Apply button to accept the changes made Click the Delete button to remove the specific entry SNMP Community Table Settings Users can create an SNMP community s...

Page 59: ...nager is allowed to access on the Switch The view name must exist in the SNMP View Table Access Right Read Only Specify that SNMP community members using the community string created can only read the...

Page 60: ...y to SNMPv3 NoAuthNoPriv Specify that there will be no authorization and no encryption of packets sent between the Switch and a remote SNMP manager AuthNoPriv Specify that authorization will be requir...

Page 61: ...own menu to enable encryption for SNMP V3 This is only operable in SNMP V3 mode The choices are None Password or Key Auth Protocol MD5 Specify that the HMAC MD5 96 authentication level will be used Th...

Page 62: ...be used SNMPv2 Specify that SNMP version 2 will be used SNMPv3 Specify that SNMP version 3 will be used Security Level NoAuthNoPriv To specify that the SNMP version 3 will be used with a NoAuth NoPriv...

Page 63: ...riv To specify that the SNMP version 3 will be used with an Auth NoPriv security level AuthPriv To specify that the SNMP version 3 will be used with an Auth Priv security level Community String SNMPv3...

Page 64: ...abled Port 1 65535 The TCP port number used for Telnet management of the Switch The well known TCP port for the Telnet protocol is 23 Click the Apply button to accept the changes made Web Settings Use...

Page 65: ...e lowest priority data and 7 assigned to the highest The highest priority tag 7 is generally only used for data associated with video or audio applications which are sensitive to even slight delays or...

Page 66: ...n all ports to a single 802 1Q VLAN named default The default VLAN has a VID 1 The member ports of Port based VLANs may overlap if desired IEEE 802 1Q VLANs Some relevant terms Tagging The act of putt...

Page 67: ...AN Tags The figure below shows the 802 1Q VLAN tag There are four additional octets inserted after the source MAC address Their presence is indicated by a value of 0x8100 in the EtherType field When a...

Page 68: ...erent PVIDs mean different VLANs remember that two VLANs cannot communicate without an external router So VLAN identification based upon the PVIDs cannot create VLANs that extend outside a given switc...

Page 69: ...ort will first determine if the ingress port itself is a member of the tagged VLAN If it is not the packet will be dropped If the ingress port is a member of the 802 1Q VLAN the Switch then determines...

Page 70: ...Segmentation Take for example a packet that is transmitted by a machine on Port 1 that is a member of VLAN 2 If the destination lies on another port found through a normal forwarding table lookup the...

Page 71: ...ent Enable this function to allow the Switch sending out GVRP packets to outside sources notifying that they may join the existing VLAN Unit Select the unit to configure Port Display all ports of the...

Page 72: ...tch entry click the VLAN Batch Settings tab as shown below Figure 4 7 802 1Q VLAN Settings VLAN Batch Settings Tab window The fields that can be configured are described below Parameter Description VI...

Page 73: ...wer half of the table displays any previously created groups To view the following window click L2 Features VLAN 802 1v protocol VLAN 802 1v Protocol Group Settings as shown below Figure 4 8 802 1v Pr...

Page 74: ...Figure 4 9 802 1v Protocol VLAN Settings window The fields that can be configured are described below Parameter Description Group ID Select a previously configured Group ID from the drop down menu Gro...

Page 75: ...Click the Delete button to remove the specific entry Asymmetric VLAN Settings Shared VLAN Learning is a primary example of the requirement for Asymmetric VLANs Under normal circumstances a pair of dev...

Page 76: ...e Leave All Time value in milliseconds NNI BPDU Address Use the drop down menu to determine the BPDU protocol address for GVRP in service provide site It can use an 802 1d GVRP address 802 1ad service...

Page 77: ...ice will use the PVID to make VLAN forwarding decisions If the port receives a packet and Ingress filtering is Enabled the port will compare the VID of the incoming packet to its PVID If the two are u...

Page 78: ...reate a MAC based VLAN entry VID 1 4094 Select this option and enter the VLAN ID VLAN Name Select this option and enter the VLAN name of a previously configured VLAN Click the Find button to locate a...

Page 79: ...al server through VLAN 20 However with the subnet VLAN configuration in the example IP 172 18 0 1 is assigned to VLAN 10 and 172 18 0 2 is assigned to VLAN 20 Customer A can only access Internet and c...

Page 80: ...n and click Add to create a new entry To search for a particular entry enter the appropriate information and click Find To remove an entry click Delete To view all entries on the Switch click Show All...

Page 81: ...VLAN Precedence Use the drop down menu to select the VLAN precedence choose either MAC based VLAN or Subnet VLAN MAC based VLAN Specifies that the MAC based VLAN classification is given precedence ove...

Page 82: ...at the packet level Byte Specify to count at the byte level Enter the appropriate information and click Add to create a new entry To search for a particular entry enter the appropriate information and...

Page 83: ...5535 minutes The default value is 720 minutes The aging time is used to remove a port from voice VLAN if the port is an automatic VLAN member When the last voice device stops sending traffic and the M...

Page 84: ...e Select the state of the port Mode Select the mode of the port Click the Apply button to accept the changes made Voice VLAN OUI Settings This page is used to configure the user defined voice traffic...

Page 85: ...tton to remove all the entries listed Click the Edit button to re configure the specific entry Click the Delete button to remove the specific entry Voice VLAN Device This page is used to show voice de...

Page 86: ...atically allow frames with VLAN group tags 1 and 2 VLAN groups that are unknown to those switches to pass through their VLAN trunking port s Refer to the following figure for an illustrated example Fi...

Page 87: ...e Go button to navigate to a specific page when multiple pages exist NOTE The abbreviations used on this page are Tagged Port T Untagged Port U and Forbidden Port F Show VLAN Ports Users can display t...

Page 88: ...d Therefore customers in the same service provider network may have VLAN ranges that overlap which might cause traffic to become mixed up So assigning a unique range of VLAN IDs to each customer might...

Page 89: ...ts and inserts the outer tag into the packet based on the VLAN ID and Inner Priority Use Inner Priority This is the priority given to the inner tag that is copied to the outer tag if this setting is e...

Page 90: ...When the device is operating with the Q in Q enabled DA will be replaced by the tunnel multicast address and the BPDU will be tagged with the tunnel VLAN based on the QinQ VLAN configuration and the...

Page 91: ...ughout interconnected bridges utilizing any of the three spanning tree protocols STP RSTP or MSTP This protocol will also tag BDPU packets so receiving devices can distinguish spanning tree instances...

Page 92: ...ding the port state transition All three protocols calculate a stable topology in the same way Every segment will have a single path to the root bridge All bridges listen for BPDU packets However BPDU...

Page 93: ...U Loop Back on Port Setting the Loop back Timer The Loop back timer plays a key role in the next step for the Switch to take to resolve this problem Choosing a non zero value on the timer will enable...

Page 94: ...ridge Max Age 6 40 The Max Age may be set to ensure that old information does not endlessly circulate through redundant paths in the network preventing the effective propagation of the new information...

Page 95: ...ies GVRP s BPDU MAC address of NNI port using the definition of 802 1d dot1ad Specifies GVRP s BPDU MAC address of NNI port using the definition of 802 1ad Click the Apply button to accept the changes...

Page 96: ...ge Notification is a simple BPDU that a bridge sends out to its root port to signal a topology change Restricted TCN can be toggled between True and False If set to True this stops the port from propa...

Page 97: ...esired method for altering the MSTI settings The user has two choices Add VID Select this parameter to add VIDs to the MSTI ID in conjunction with the VID List parameter Remove VID Select this paramet...

Page 98: ...port configuration for an MSTI ID If a loop occurs the MSTP function will use the port priority to select an interface to put into the forwarding state Set a higher priority value for interfaces to b...

Page 99: ...n interface is selected within an STP instance Selecting this parameter with a value in the range of 1 to 200000000 will set the quickest route when a loop occurs A lower Internal cost represents a qu...

Page 100: ...in the same order they were sent Link aggregation allows several ports to be grouped together and to act as a single link This gives a bandwidth that is a multiple of a single link s bandwidth Link ag...

Page 101: ...ad shared among the other linked ports of the link aggregation group Port Trunking Settings On this page the user can configure the port trunk settings for the Switch To view the following window clic...

Page 102: ...ing LACP control frames To view the following window click L2 Features Link Aggregation LACP Port Settings as shown below Figure 4 35 LACP Port Settings window The fields that can be configured are de...

Page 103: ...an be configured are described below Parameter Description VLAN Name Click the radio button and enter the VLAN name of the VLAN on which the associated unicast MAC address resides VLAN List Click the...

Page 104: ...ast group dynamically using GMRP The options are None No restrictions on the port dynamically joining the multicast group When None is chosen the port will not be a member of the Static Multicast Grou...

Page 105: ...ry Size The maximum number of entries listed in the history log used for notification Up to 500 entries can be specified Unit Select the unit to configure From Port To Port Select the starting and end...

Page 106: ...onds Click the Apply button to accept the changes made MAC Address Table This allows the Switch s MAC address forwarding table to be viewed When the Switch learns an association between a MAC address...

Page 107: ...scribed below Parameter Description Unit Select the unit to configure Port Select the port number to use for this configuration MAC Address Enter the MAC address to use for this configuration IP Addre...

Page 108: ...there are no longer hosts requesting that they continue To view the following window click L2 Features L2 Multicast Control IGMP Snooping IGMP Snooping Settings as shown below Figure 4 42 IGMP Snoopi...

Page 109: ...kes a router to detect the loss of the last member of a group Data Drive Group Expiry Time 1 65535 Specify the data driven group lifetime in seconds Querier State Specify to enable or disable the quer...

Page 110: ...s as being not connected to multicast enabled routers This ensures that the forbidden router port will not become a router port to forward the packet to the destined router Dynamic Router Port Display...

Page 111: ...e information entered Click the Edit button to re configure the specific entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist IGMP Snooping Static...

Page 112: ...guration Click the Clear All button to unselect all the ports for configuration Click the Apply button to accept the changes made Click the Back button to discard the changes made and return to the pr...

Page 113: ...ID list of the multicast group Port List Specify the port number s used to find a multicast group Group IPv4 Address Enter the IPv4 address Data Driven If Data Drive is selected only data driven group...

Page 114: ...Switch s IGMP Snooping counter table To view the following window click L2 Features L2 Multicast Control IGMP Snooping IGMP Snooping Counter as shown below Figure 4 51 IGMP Snooping Counter window The...

Page 115: ...new information will appear Click the Back button to return to the previous page CPU Filter L3 Control Packet Settings The CPU Filter L3 Control Packet Settings is used to discard the Layer 3 control...

Page 116: ...ion and click Apply MLD Snooping Multicast Listener Discovery MLD Snooping is an IPv6 function used similarly to IGMP snooping in IPv4 It is used to discover ports on a VLAN that are requesting multic...

Page 117: ...message is received by the Switch it will no longer forward multicast traffic from a specific multicast group address to this listening port 4 Multicast Listener Report Version 2 Comparable to the Hos...

Page 118: ...ng Router Port Settings for a specific entry After clicking the Edit button the following page will appear Figure 4 55 MLD Snooping Parameters Settings window The fields that can be configured or view...

Page 119: ...een group specific query messages including Interval 1 25 The maximum amount of time betw those sent in response to done group messages You might lower this interval to reduce the amount of time it t...

Page 120: ...ures that the forbidden router port will not become a router port to forward the packet to the destined router Dynamic Router Port Displays router ports that have been dynamically configured Ports Sel...

Page 121: ...anges made for each individual section Click the Find button to locate a specific entry based on the information entered Click the Edit button to re configure the specific entry MLD Snooping Static Gr...

Page 122: ...Back button to discard the changes made and return to the previous page MLD Router Port Users can display which of the Switch s ports are currently configured as router ports in IPv6 A router port co...

Page 123: ...iven option to enable the data driven feature for this MLD snooping group Data Driven If Data Driven is selected only data driven groups will be displayed Click the Find button to locate a specific en...

Page 124: ...the statistics counter for MLD protocol packets that are received by the Switch since MLD Snooping is enabled To view the following window click L2 Features L2 Multicast Control MLD Snooping MLD Snoo...

Page 125: ...ic is entering the Switch and then set the ports where the incoming multicast traffic is to be sent The source port cannot be a recipient port and if configured to do so will cause error messages to b...

Page 126: ...s shown below Figure 4 65 IGMP Multicast Group Profile Settings window The fields that can be configured are described below Parameter Description Profile Name Enter a name for the IP Multicast Profil...

Page 127: ...LAN state IGMP Multicast VLAN Forward Unmatched Click the radio buttons to enable or disable the IGMP Multicast VLAN Forwarding state VLAN Name Enter the VLAN Name used VID Enter the VID used Remap Pr...

Page 128: ...igured Untagged Member Ports Specify the untagged member port of the multicast VLAN Click the Select All button to select all the ports or click the Clear All button to unselect all the ports Tagged M...

Page 129: ...cast VLAN Entries link to view the IGMP Snooping Multicast VLAN Settings MLD Multicast Group Profile Settings Users can add delete or configure the MLD multicast group profile on this page To view the...

Page 130: ...de and return to the previous page Click the Delete button to remove the specific entry MLD Snooping Multicast VLAN Settings Users can add delete or configure the MLD snooping multicast VLAN on this p...

Page 131: ...link to configure the MLD Snooping Multicast VLAN Settings for the specific entry After clicking the Edit button the following page will appear Figure 4 73 MLD Snooping Multicast VLAN Settings Edit w...

Page 132: ...s for configuration lick the Back button to discard the changes made and return to the previous page After clicking the Profile List Click the Apply button to accept the changes made C link the follow...

Page 133: ...l button to remove all the entries liste Click the Group List link to configure the multicast address group list settings for the specific entry lick the Edit button to re configure the specific entry...

Page 134: ...used for the configuration Access Assign access permissions to the ports selected Options listed are Permit and Deny Profile ID Profile Name Use the drop down menu to select the profile ID or profile...

Page 135: ...e action Click the Apply button to accept the changes made Click the Find button to locate a specific entry based on the information entered Enter a page number and click the Go button to navigate to...

Page 136: ...he Ethernet layer One link within a ring will be blocked to avoid a Loop RPL Ring Protection Link When the failure happens protection switching blocks the failed link and unblocks the RPL When the fai...

Page 137: ...S is enabled To view the following window click L2 Features ERPS Settings as shown below Figure 4 81 ERPS Settings window The fields that can be configured are described below Parameter Description ER...

Page 138: ...t Select None to have no RPL port RPL Owner Tick the check box and use the drop down menu to enable or disable the device as an RPL owner node Protected VLAN s e g 4 6 Tick the check box select the Ad...

Page 139: ...his ring TC Propagation State Tick the check box and use the drop down menu to enable or disable the propagation state of topology change for the sub ring When Enabled the switch will flush the FDB wh...

Page 140: ...ent expires the advertised data is then deleted from the neighbor Switch s MIB LLDP ReInit Delay 1 10 The LLDP re initialization delay interval is the minimum time that an LLDP port will wait before r...

Page 141: ...on is disabled Admin Status This function controls the local LLDP agent and allows it to send and receive LLDP frames on the ports This option contains TX RX TX and RX or Disabled TX the local LLDP ag...

Page 142: ...nd button to locate a specific entry based on the information entered LLDP Basic TLVs Settings TLV stands for Type length value which allows the specific sending information as a TLV element within LL...

Page 143: ...ble or disable the System Name option System Description Use the drop down menu to enable or disable the System Description option System Capabilities Use the drop down menu to enable or disable the S...

Page 144: ...enabling this option the user can select to use VLAN Name VID List or All in the next drop down menu After selecting this the user can enter either the VLAN Name or VID List value in the space provid...

Page 145: ...es that the LLDP agent should transmit the MAC PHY configuration status TLV This indicates it is possible for two ends of an IEEE 802 3 link to be configured with different duplex and or speed setting...

Page 146: ...ghbor detection activity LLDP Statistics and the settings for individual ports on the Switch Select a Port number from the drop down menu and click the Find button to view statistics for a certain por...

Page 147: ...information page per port click the Show Normal button To view the brief LLDP Local Port information page per port click the Show Brief button Figure 4 92 LLDP Local Port Information Show Normal wind...

Page 148: ...ch receives packets from a remote station but is able to store the information as local To view the following window click L2 Features LLDP LLDP Remote Port Information as shown below Figure 4 94 LLDP...

Page 149: ...nable or disable IPv6 local route The function is disabled by default Click the Apply button to accept the changes made for each individual section NOTE IPv4 and IPv6 static routes are mutually exclus...

Page 150: ...subnet mask to be applied to the corresponding subnet mask of the IP address Gateway This field allows the entry of a Gateway IP Address to be applied to the corresponding gateway of the IP address M...

Page 151: ...Length of the IPv6 Static or Default Route entry Interface Name The IP Interface where the static IPv6 route is created Nexthop Address The corresponding IPv6 address for the next hop Gateway address...

Page 152: ...window is use to configure the policy route in To view the following window click L3 Features Policy Ro Figure 5 6 Policy Route Settings window he fields that can be configured are described below T...

Page 153: ...e user can view all the direct w click L3 Features IP Forwarding Table as shown below lement the changes made Click the Back button to go back to the previous windo IP Forwarding Table The IP forwardi...

Page 154: ...1p standard that allows network administrators a method of reserving bandwidth for important functions that require a large bandwidth or have a high priority such as VoIP voice over Internet Protocol...

Page 155: ...he eight priority tags specified in IEEE 802 1p p0 to p7 are mapped to the Switch s priority queues as follows Priority 0 is assigned to the Switch s Q2 queue Priority 1 is assigned to the Switch s Q0...

Page 156: ...ctive priority indicates the actual priority assigned by RADIUS If the RADIUS assigned value exceeds the specified limit the value will be set at the default priority For example if the RADIUS assigns...

Page 157: ...ed are described below Parameter Description Unit Select the unit to configure From Port To Port Select the starting and ending ports to use Priority Use the drop down menu to select a value from 0 to...

Page 158: ...802 1p Settings 802 1p Map Settings as shown below The fields that can be configured are described below Parameter Description Unit Select the unit to configure From Port To Port A consecutive group...

Page 159: ...dth Control Bandwidth Control Settings as shown below Figure 6 4 Bandwidth Control Settings window The fields that can be configured or viewed are described below Parameter Description Unit Select the...

Page 160: ...ecific port The final RX bandwidth will be the largest one among these multiple RX bandwidths Effective TX If a RADIUS server has assigned the TX bandwidth then it will be the effective TX bandwidth T...

Page 161: ...torm has been detected the Switch will drop overload packets coming into the Switch until the storm has subsided This method can be utilized by selecting the Drop option of the Action parameter in the...

Page 162: ...ing Tree operational on the Switch If the Count Down timer has expired and yet the Packet Storm continues the port will be placed in Shutdown Forever mode and is no longer operational until the port r...

Page 163: ...fic Storm is one of the following None Will send no Storm trap warning messages regardless of action taken by the Traffic Control mechanism Storm Occurred Will send Storm Trap warning messages upon th...

Page 164: ...g the DSCP Map settings instead of the default port priority To view the following window click QoS DSCP DSCP Trust Settings as shown below Figure 6 7 DSCP Trust Settings window The fields that can be...

Page 165: ...igure 6 8 DSCP Map Settings window The fields that can be configured are described below Parameter Description Unit Select the unit to configure From Port To Port Use the drop down menu to select a ra...

Page 166: ...select one of two options DSCP Priority Specify a list of DSCP values to be mapped to a specific priority DSCP DSCP Specify a list of DSCP value to be mapped to a specific DSCP DSCP Color Specify a li...

Page 167: ...fy a list of DSCP values to be mapped to a specific color DSCP List 0 63 Enter a DSCP List value Color Use the drop down menu to specify the result color of the mapping Click the Apply button to accep...

Page 168: ...L Blocking Prevention State Click the radio buttons to enable of disable the HOL blocking prevention global settings Click the Apply button to accept the changes made Scheduling Settings QoS Schedulin...

Page 169: ...bution in priority classes of service Click the Apply button to accept the changes made QoS Scheduling Mechanism Changing the output scheduling used for the hardware queues in the Switch can customize...

Page 170: ...e Scheduling Mechanism Strict The highest class of service is the first to process traffic That is the highest class of service will finish before other queues empty Weighted Round Robin Use the weigh...

Page 171: ...l If this queue depth is less than the threshold there is minimal or no congestion and the packet is enquired If congestion is detected the packet is dropped or queued based on the DSCP Simple RED pro...

Page 172: ...eue depth is above the low threshold and drop yellow colored packets if the queue depth is above the high threshold Select Enable to drop yellow and red colored packets if the queue depth is above the...

Page 173: ...de SRED Drop Counter This window is used to display sRED drop counter To view this window click QoS SRED SRED Drop Counter as shown below Figure 6 15 SRED Drop Counter window The fields that can be co...

Page 174: ...t can be configured are described below Parameter Description Type Select one of two general ACL Rule types Normal Selecting this option will create a Normal ACL Rule CPU Selecting this option will cr...

Page 175: ...e Apply button to accept the changes made NOTE The Switch will use one minimum mask to cover all the terms that user input however some extra bits may also be masked at the same time To optimize the A...

Page 176: ...remove the specific entry Enter a page number and click the Go button to navigate to a specific page when multiple pages exist There are four Add Access Profile windows one for Ethernet or MAC addres...

Page 177: ...et ACL to instruct the Switch to examine the layer 2 part of each packet header Select IPv4 ACL to instruct the Switch to examine the IPv4 address in each frame s header Select IPv6 ACL to instruct th...

Page 178: ...will appear Figure 7 4 Access Profile Detail Information window Ethernet ACL Click the Show All Profiles button to navigate back to the Access Profile List window After clicking the Add View Rules bu...

Page 179: ...Mirroring must be enabled and a target port must be set Priority 0 7 Tick the corresponding check box if you want to re write the 802 1p default priority of a packet to the value entered in the Prior...

Page 180: ...n the Access ID field of this window If not the user will be presented with an error message and the access rule will not be configured VLAN Name Specify the VLAN name to apply to the access rule VLAN...

Page 181: ...t header Select IPv4 ACL to instruct the Switch to examine the IPv4 address in each frame s header Select IPv6 ACL to instruct the Switch to examine the IPv6 address in each frame s header Select Pack...

Page 182: ...you wish to filter TCP Flag Bits The user may also identify which flag bits to filter Flag bits are parts of a packet that determine what to do with the packet The user may filter packets by filterin...

Page 183: ...Details button to view more information about the specific rule created Click the Delete Rules button to remove the specific entry Enter a page number and click the Go button to navigate to a specifi...

Page 184: ...cent field When an ACL rule is added to change both the priority and DSCP of an IPv4 packet only one of them can be modified due to a chip limitation Currently the priority is changed when both the pr...

Page 185: ...ibed below Parameter Description Profile ID Enter a unique identifier number for this profile set This value can be set from 1 to 14 Select ACL Type Select profile based on Ethernet MAC Address IPv4 a...

Page 186: ...ticking the corresponding check box and entering the IPv6 address mask IPv6 Destination Mask The user may specify an IPv6 address mask for the destination IPv6 address by ticking the corresponding ch...

Page 187: ...Mirroring must be enabled and a target port must be set Priority 0 7 Tick the corresponding check box to re write the 802 1p default priority of a packet to the value entered in the Priority field whi...

Page 188: ...not the user will be presented with an error message and the access rule will not be configured Ticking the All Ports check box will denote all ports on the Switch VLAN Name Specify the VLAN name to...

Page 189: ...Switch to examine the layer 2 part of each packet header Select IPv4 ACL to instruct the Switch to examine the IPv4 address in each frame s header Select IPv6 ACL to instruct the Switch to examine th...

Page 190: ...of a packet in different protocol layers Click the Select button to select an ACL type Click the Create button to create a profile Click the Back button to discard the changes made and return to the p...

Page 191: ...fier number for this access This value can be set from 1 to 128 Tick the Auto Assign check box to instruct the Switch to automatically assign an Access ID for the rule being created Chunk Tick the che...

Page 192: ...the new value If used without an action priority the packet is sent to the default TC Time Range Name Tick the check box and enter the name of the Time Range settings that has been previously configu...

Page 193: ...To view CPU Access Profile List window click ACL CPU Access Profile List as shown below Creating an access profile for the CPU is divided into two basic parts The first is to specify which part or par...

Page 194: ...it red This will add more filed to the mask After clicking the Add CPU ACL Profile button the following page will appear Figure 7 24 Add CPU ACL Profile Ethernet ACL The fields that can be configured...

Page 195: ...amine the Ethernet type value in each frame s header Click the Select button to select an CPU ACL type Click the Create button to create a profile Click the Back button to discard the changes made and...

Page 196: ...tch the access profile are forwarded by the Switch according to any additional rule added see below Select Deny to specify that the packets that match the access profile are not forwarded by the Switc...

Page 197: ...s the Add CPU ACL Profile window for IP IPv4 To use specific filtering masks in this ACL profile click the packet filtering mask field to highlight it red This will add more filed to the mask After cl...

Page 198: ...value or specify Code to further specify that the access profile will apply an ICMP code value Select IGMP to instruct the Switch to examine the Internet Group Management Protocol IGMP field in each...

Page 199: ...nd return to the previous page After clicking the Show Details button the following page will appear Figure 7 30 CPU Access Profile Detail Information IPv4 ACL Click the Show All Profiles button to na...

Page 200: ...that the packets that match the access profile are not forwarded by the Switch and will be filtered Time Range Name Tick the check box and enter the name of the Time Range settings that has been prev...

Page 201: ...appear Figure 7 34 Add CPU ACL Profile IPv6 ACL The fields that can be configured are described below Parameter Description Profile ID 1 5 Enter a unique identifier number for this profile set This va...

Page 202: ...IPv6 address mask for the destination IPv6 address by checking the corresponding box and entering the IPv6 address mask Click the Select button to select an CPU ACL type Click the Create button to cr...

Page 203: ...w Label Configuring this field in hex form will instruct the Switch to examine the flow label field of the IPv6 header This flow label field is used by a source to label sequences of packets such as n...

Page 204: ...PU Access Rule List Adding a CPU Packet Content ACL Profile The window shown below is the Add CPU ACL Profile window for Packet Content To use specific filtering masks in this ACL profile click the pa...

Page 205: ...et to the 15th byte 16 31 Enter a value in hex form to mask the packet from byte 16 to byte 31 32 47 Enter a value in hex form to mask the packet from byte 32 to byte 47 48 63 Enter a value in hex for...

Page 206: ...cket header beginning with the offset value specified Offset 0 15 Enter a value in hex form to mask the packet from the beginning of the packet to the 15th byte Offset 16 31 Enter a value in hex form...

Page 207: ...inder window The fields that can be configured are described below Parameter Description Profile ID Use the drop down menu to select the Profile ID for the ACL rule finder to identify the rule Unit Se...

Page 208: ...and the red color packet will be treated as the violating action Users may also choose to count conformed exceeded and violated packets by selecting Enabled from the Counter drop down menu If the coun...

Page 209: ...single rate two color mode The action can be specified as one of the following Drop Packet Drop the overload packets immediately Remark DSCP Mark the packet with a specified DSCP trTCM Specify the two...

Page 210: ...s by checking its radio button and entering a new DSCP value in the allotted field Counter Use this parameter to enable or disable the packet counter for the specified ACL entry in the yellow flow Vio...

Page 211: ...henticating users to gain access to various wired or wireless devices on a specified Local Area Network by using a Client and Server based access control model This is accomplished by using a RADIUS s...

Page 212: ...o purposes when utilizing the 802 1X function The first purpose is to request certification information from the Client through EAPOL packets which is the only information allowed to pass through the...

Page 213: ...remote RADIUS server before being allowed access to the Network Understanding 802 1X Port based and Host based Network Access Control The original intent behind the development of 802 1X was to levera...

Page 214: ...d Configuration 802 1X Global Settings Users can configure the 802 1X global parameter To view this window click Security 802 1X 802 1X Global Settings as shown below Figure 8 9 802 1X Global Settings...

Page 215: ...setting is 60 seconds SuppTimeout 1 65535 This value determines timeout conditions in the exchanges between the Authenticator and the client The default setting is 30 seconds ServerTimeout 1 65535 Thi...

Page 216: ...Capability This allows the 802 1X Authenticator settings to be applied on a per port basis Select Authenticator to apply the settings to the port When the setting is activated a user must pass the aut...

Page 217: ...s to the network without full authorization or local authentication on the Switch To supplement these circumstances this switch now implements 802 1X Guest VLANs These VLANs should have limited access...

Page 218: ...ty 802 1X Guest VLAN Settings as shown below Figure 8 13 Guest VLAN Settings window The fields that can be configured are described below Parameter Description VLAN Name Enter the pre configured VLAN...

Page 219: ...button to refresh the display table so that new entries will appear NOTE The Authenticator State cannot be viewed on the Switch unless 802 1X is enabled To enable 802 1X go to Security 802 1X 802 1X...

Page 220: ...nges made NOTE The Authenticator State cannot be viewed on the Switch unless 802 1X is enabled To enable 802 1X go to Security 802 1X 802 1X Global Settings and select Enabled from the Authentication...

Page 221: ...changes made NOTE The Authenticator State cannot be viewed on the Switch unless 802 1X is enabled To enable 802 1X go to Security 802 1X 802 1X Global Settings and select Enabled from the Authenticati...

Page 222: ...t to be displayed Click the Apply button to accept the changes made NOTE The Authenticator Diagnostics cannot be viewed on the Switch unless 802 1X is enabled To enable 802 1X go to Security 802 1X 80...

Page 223: ...d from the Authentication State drop down menu Reauthenticate Port s This window displays reauthentication of a port or group of ports To view this window click Security 802 1X Reauthenticate Port s a...

Page 224: ...IPv4 Address Click the radio button to enter the RADIUS server IP address IPv6 Address Click the radio button to enter the RADIUS server IPv6 address Authentication Port 1 65535 Set the RADIUS authent...

Page 225: ...WAC and JWAC port access control events occur on the Switch Shell When enabled the Switch will send informational packets to a remote RADIUS server when a user either logs in logs out or times out on...

Page 226: ...ADIUS Authentication server that the client shares a secret with AuthServerAddress The conceptual table listing the RADIUS authentication servers with which the client shares a secret ServerPortNumber...

Page 227: ...a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject or Access Challenge a timeout or retransmission Timeouts The num...

Page 228: ...ier of the RADIUS accounting client ServerAddr The conceptual table listing the RADIUS accounting servers with which the client shares a secret ServerPortNumber The UDP port the client is using to sen...

Page 229: ...ort Binding IMPB The IP network layer uses a four byte address The Ethernet link layer uses a six byte MAC address Binding these two address types together allows the transmission of data between the...

Page 230: ...ing IPv6 Click the radio buttons to enable or disable DHCP snooping for IPv6 ND Snooping Click the radio buttons to enable or disable ND snooping Recover Learning Ports Enter the port numbers used to...

Page 231: ...ific source MAC address is blocked by the software The port will check ARP packets by IP MAC port binding entries When the packet is found by the entry the MAC address will be set to dynamic state If...

Page 232: ...the existing entries Click the Delete All button to remove all the entries listed MAC Block List This window is used to view unauthorized devices that have been blocked by IP MAC binding restrictions...

Page 233: ...ange of ports to use Maximum Entry 1 50 Enter the maximum entry value Tick the No Limit check box to have unlimited entries Maximum IPv6 Entry 1 50 Enter the maximum IPv6 entry value Tick the No Limit...

Page 234: ...etwork security by building and maintaining a ND snooping binding white list and by filtering untrusted hosts ND Snooping process is designed for stateless auto configuration assigned IPv6 address and...

Page 235: ...drop down menus to select a range of ports to use Maximum Entry 1 10 Enter the maximum entry value Tick the No Limit check box to have unlimited entries Click the Apply button to accept the changes m...

Page 236: ...authentication result users achieve different levels of authorization Notes about MAC based Access Control There are certain limitations and regulations regarding MAC based access control 1 Once this...

Page 237: ...access control This MAC address list can be configured in the MAC based access control Local Database Settings window RADIUS Use this method to utilize a remote RADIUS server as the authenticator for...

Page 238: ...addresses along with their corresponding target VLAN which will be authenticated for the Switch Once a queried MAC address is matched in this window it will be placed in the VLAN associated with it h...

Page 239: ...ple pages exist MAC based Access Control Authentication State Users can display MAC based access control Authentication State information To view this window click Security MAC based Access Control MA...

Page 240: ...IF IP interface address of the Switch to make the communication possible The host PC and other servers IP configurations do not depend on the virtual IP of WAC The virtual IP does not respond to any I...

Page 241: ...t Ethernet Managed Switch Web UI Reference Guide Conditions and Limitations 1 If the client is utilizing DHCP to attain an IP address the authentication VLAN must provide a DHCP server or a DHCP relay...

Page 242: ...tual IPv6 Enter a virtual IPv6 address This address is only used by WAC and is not known by any other modules of the Switch Redirection Path Enter the URL of the website that authenticated users place...

Page 243: ...ttings as shown below Figure 8 38 WAC User Settings window The fields that can be configured are described below Parameter Description User Name Enter the user name of up to 15 alphanumeric characters...

Page 244: ...to be enabled as WAC ports To Port Use this drop down menu to select the ending port of a range of ports to be enabled as WAC ports Aging Time 1 1440 This parameter specifies the time period during wh...

Page 245: ...port Authenticating Tick this check box to clear all authenticating users for a port Blocked Tick this check box to clear all blocked users for a port Click the Find button to locate a specific entry...

Page 246: ...specifies the TCP port that the JWAC Switch listens to and uses to finish the authentication process Forcible Logout This parameter enables or disables JWAC Forcible Logout When Forcible Logout is Ena...

Page 247: ...bles the JWAC Quarantine Server Monitor When Enabled the JWAC Switch will monitor the Quarantine Server to ensure the server is okay If the Switch detects no Quarantine Server it will redirect all una...

Page 248: ...p in authenticated state after it successes to authenticate Enter a value between 1 and 1440 minutes The default setting is 1440 minutes To maintain a constant Port Configuration tick the Infinite che...

Page 249: ...word entered in the previous field VID 1 4094 Enter a VLAN ID up to 4094 Click the Add button to create a new entry Click the Delete All button to remove all the entries listed Click the Edit button t...

Page 250: ...based on the port list entered Click the View All Hosts button to display all the existing entries Click the Clear All Hosts button to remove all the entries listed JWAC Customize Page Language This w...

Page 251: ...glish Japanese Click the link to toggle between English and Japanese User Name Enter the user name title of the authenticate page Password Enter the password title of the authenticate page Logout From...

Page 252: ...to authenticate the client using one of these methods and if the client passes they will be granted access to the network Any MAC 802 1X or JWAC Mode In the diagram above the Switch port has been conf...

Page 253: ...authentication methods access will be denied MAC IMPB Mode This mode adds an extra layer of security by checking the IP MAC Binding Port Binding IMPB table before trying one of the supported authentic...

Page 254: ...d as un authenticated otherwise it authenticated Permit The client is always regarded as authenticated If guest VLAN is enabled clients will stay on the guest VLAN otherwise they will stay on the orig...

Page 255: ...re authenticated individually VID List e g 1 6 9 Enter a list of VLAN ID State Use the drop down menu to assign or remove the specified VID list as authentication VLAN s Click the Apply button to acce...

Page 256: ...uthorized computers with source MAC addresses unknown to the Switch prior to locking the port or ports from connecting to the Switch s locked ports and gaining access to the network To view this windo...

Page 257: ...has been reset or rebooted Max Learning Address Specify the maximum value of port security entries that can be learned on this port Click the Apply button to accept the changes made for each individua...

Page 258: ...tch Port List Enter the port number or list here to be used for the port security entry search When All is selected all the ports configured will be displayed MAC Address The MAC address of the entry...

Page 259: ...for the ports on the Switch In generally there are two states in BPDU protection function One is normal state and another is under attack state The under attack state have three modes drop block and s...

Page 260: ...ck Detected Attack Cleared or Both Recover Time Specify the BPDU protection Auto Recovery timer The default value of the recovery timer is 60 Unit Select the unit to configure From Port To Port Select...

Page 261: ...down menu To view this window click Security Loopback Detection Settings as shown below Figure 8 55 Loopback Detection Settings window The fields that can be configured are described below Parameter...

Page 262: ...fic is similar to using VLANs to limit traffic but is more restrictive It provides a method of directing traffic that does not increase the overhead of the master switch CPU To view this window click...

Page 263: ...international standards described in RFC 1001 and RFC 1002 NetBIOS over TCP IP NBT If the network administrator wants to block the network communication on more than two computers which use NETBUEI p...

Page 264: ...create one access profile and one access rule entry the first time the DHCP client MAC address is used as the client MAC address The Source IP address is the same as the DHCP server s IP address UDP p...

Page 265: ...ured are described below Parameter Description Server IP Address The IP address of the DHCP server to be permitted Client s MAC Address The MAC address of the DHCP client Ports The port numbers of the...

Page 266: ...to authenticate users trying to access the Switch The users will set Authentication Server Hosts in a preferable order in the built in Authentication Server Groups and when a user tries to gain access...

Page 267: ...ying to access the Switch When enabled the device will check the Login Method List and choose a technique for user authentication upon login To view this window click Security Access Authentication Co...

Page 268: ...configured method list The user may use the default Method List or other Method List configured by the user See the Login Method Lists window in this section for more information Enable Method List U...

Page 269: ...en click the Add button To modify a particular group click the Edit button or the Edit Server Group tab which will then display the following Edit Server Group tab Figure 8 64 Authentication Server Gr...

Page 270: ...this window click Security Access Authentication Control Authentication Server Settings as shown below Figure 8 65 Authentication Server Settings window The fields that can be configured are described...

Page 271: ...tch Successful login using any of these techniques will give the user a User privilege only If the user wishes to upgrade his or her status to the administrator level the user must use the Enable Admi...

Page 272: ...List cannot be deleted but can be configured The sequence of methods implemented in this command will affect the authentication result For example if a user enters a sequence of methods like TACACS X...

Page 273: ...ocol from a remote XTACACS server Click the Apply button to accept the changes made Click the Edit button to re configure the specific entry Click the Delete button to remove the specific entry Local...

Page 274: ...embled in four choices on the Switch to create a three layered encryption code for secure communication between the server and the host The user may implement any one or combination of the cipher suit...

Page 275: ...te function on the Switch configure the parameters in the SSL Cipher suite Settings section described below Parameter Description RSA with RC4_128_MD5 This cipher suite combines the RSA key exchange s...

Page 276: ...ovide secure encrypted and authenticated communication between two non trusted hosts SSH with its array of unmatched security features is an essential tool in today s networking environment It is a po...

Page 277: ...d the Switch will be disconnected and the user must reconnect to the Switch to attempt another login The number of maximum attempts may be set between 2 and 20 The default setting is 2 Rekey Timeout T...

Page 278: ...on Algorithm are described below Parameter Description 3DES CBC Use the check box to enable or disable the Triple Data Encryption Standard encryption algorithm with Cipher Block Chaining The default i...

Page 279: ...e HMAC Hash for Message Authentication Code mechanism utilizing the Digital Signature Algorithm DSA encryption The default is enabled Click the Apply button to accept the changes made SSH User Authent...

Page 280: ...ess of the SSH user This parameter is only used in conjunction with the Host Based choice in the Auth Mode field Click the Edit button to re configure the specific entry Click the Apply button to acce...

Page 281: ...ver its network in a limited bandwidth The Safeguard Engine has two operating modes that can be configured by the user Strict and Fuzzy In Strict mode when the Switch either a receives too many packet...

Page 282: ...IP broadcast packets will return to 5 seconds and the process will resume In Fuzzy mode once the Safeguard Engine has entered the Exhausted mode the Safeguard Engine will decrease the packet flow by...

Page 283: ...ization as a percentage where the Switch leaves the Safeguard Engine state and returns to normal mode The default is 20 Trap Log Use the pull down menu to enable or disable the sending of messages to...

Page 284: ...65 535 seconds with a default value of 0 seconds To view this window click Network Application DHCP DHCP Relay DHCP Relay Global Settings as shown below Figure 9 1 DHCP Relay Global Settings window Th...

Page 285: ...ay agent will check the validity of the packet s option 82 field If the Switch receives a packet that contains the option 82 field from a DHCP client the Switch drops the packet because it is invalid...

Page 286: ...dule is always 0 for a stackable switch the Module is the Unit ID 7 Port The incoming port number of the DHCP client packet the port number starts from 1 Remote ID sub option format Figure 9 3 Remote...

Page 287: ...tton to accept the changes made DHCP Relay VLAN Settings To view this window click Network Application DHCP DHCP Relay DHCP Relay VLAN Settings as shown below Figure 9 5 DHCP Relay VLAN Settings windo...

Page 288: ...ic entry Click the Delete All button to remove all the entries listed NOTE When there is no matching server found for the packet based on option 60 the relay servers will be determined by the default...

Page 289: ...ll button to remove all the entries listed Click the Delete button to remove the specific entry DHCP Relay Option 61 Settings On this page the user can configure add and delete DHCP relay option 61 pa...

Page 290: ...rk or to assign the IP address of an important device such as a DNS server or the IP address of the default route to another device on the network Users also have the ability to bind IP addresses with...

Page 291: ...ck the Apply button to add a new entry based on the information entered Click the Delete All button to remove all the entries listed Click the Delete button to remove the specific entry DHCP Server Po...

Page 292: ...file that will be used as the boot image of the DHCP client This image is usually the operating system that the client uses to load its IP parameters Next Server This field is used to identify the IP...

Page 293: ...ing as shown below Figure 9 13 DHCP Server Manual Binding window The fields that can be configured are described below Parameter Description Pool Name Enter the name of the DHCP pool within which will...

Page 294: ...lick the Clear button to remove the specific entry based on the information entered Click the Clear All button to remove all the entries DHCP Conflict IP To view this window click Network Application...

Page 295: ...plication DHCP DHCPv6 Relay DHCPv6 Relay Settings as shown below Figure 9 17 DHCPv6 Relay Settings The fields that can be configured are described below Parameter Description Interface Name Enter a na...

Page 296: ...es to apply the DHCP Local Relay operation State Enable or disable the configure DHCP Local Relay for VLAN state Click the Apply button to accept the changes made for each individual section DNS DNS R...

Page 297: ...r the client should contact Each client must be able to contact at least one DNS server and each DNS server must be able to contact at least one root server The address of the machine that supplies do...

Page 298: ...c entry PPPoE Circuit ID Insertion Settings This window allows to enable or disable PPPoE Circuit ID Insertion To view this window click Network Application PPPoE Circuit ID Insertion Settings as show...

Page 299: ...dow click Network Application SNTP SNTP Settings as shown below Figure 9 23 SNTP Settings window The fields that can be configured are described below Parameter Description SNTP State Use this radio b...

Page 300: ...Saving Time Offset In Minutes Use this pull down menu to specify the amount of time that will constitute your local DST offset 30 60 90 or 120 minutes Time Zone Offset From GMT In HH MM Use these pull...

Page 301: ...DST will end Parameter Description DST Annual Settings Using annual mode will enable DST seasonal time adjustment Annual mode requires that the DST beginning and ending date be specified concisely Fo...

Page 302: ...domain per VLAN basis There are different message types which are identified by unique Opcode of the CFM frame payload CFM message types that are supported include Continuity Check Message CCM Loopbac...

Page 303: ...ameter Description MA Max 22 characters Enter the CFM maintenance association MA name VID 1 4094 Enter a VLAN ID for CFM MA MIP Use the drop down menu to select the control creation of MIP None Do not...

Page 304: ...on to configure the CFM MEP settings Click the MIP Port Table button to see the following window Figure 10 3 CFM MIP Table window Click the Back button to go back to the CFM MA Settings window Click t...

Page 305: ...enu to select the CCM transmission state to Disabled or Enabled PDU Priority Use the drop down menu to set the 802 1p priority in the CCMs and the LTMs messages transmitted by the MEP The default valu...

Page 306: ...the fault alarm to be sent if a defect is reported continuously The default value is 250 Alarm Reset Time 250 1000 Enter the time period in centisecond to reset the fault alarm if a defect hasn t bee...

Page 307: ...ll ports by default To view this window click OAM CFM CFM Port Settings as shown below Figure 10 8 CFM Port Settings window The fields that can be configured are described below Parameter Description...

Page 308: ...oint between 1 and 8191 MD Max 22 characters The Maintenance Domain Name MA Max 22 characters The Maintenance Association Name MAC Address The destination MAC address LBMs Number 1 65535 The number of...

Page 309: ...The Maintenance Domain Name MA Name The Maintenance Association Name MAC Address The destination MAC address TTL 2 255 The linktrace message TTL value The default value is 64 PDU Priority The 802 1p p...

Page 310: ...down menu allows you to select among Transmit Receive and CCM Click the Find button to locate a specific entry based on the information entered Click the Clear button to clear all the information ente...

Page 311: ...clause 57 is a data link layer protocol which provides network operators the ability to monitor the health of the network and quickly determine the location of failing links or fault conditions on poi...

Page 312: ...Specify that the OAM function state is Enabled or Disabled The default state is Disabled Remote Loopback Specify to Start or Stop the OAM remote loopback function Received Remote Loopback Specify whet...

Page 313: ...M critical link event Link Monitor Use the drop down menu to select various types of link monitoring Critical Link Event Use the drop down menu to select the critical link event between Dying Gasp and...

Page 314: ...OAM Event Log as shown below Figure 10 16 Ethernet OAM Event Log window The fields that can be configured are described below Parameter Description Port Use the drop down menu to specify the port num...

Page 315: ...nter to show Tick All Ports to view all ports Click the Clear button to clear all the information entered in the fields DULD Settings The window is used to configure unidirectional link detection on p...

Page 316: ...s Shutdown If unidirectional link is detected disable the port and log the event Normal Only log unidirectional link event when unidirectional link is detected Discovery Time Enter the neighbor discov...

Page 317: ...unction limitation Cross talk errors detection is not supported on FE ports NOTE The available cable diagnosis length is from 5 to 120 meters NOTE The deviation of cable length detection is 5M Fault m...

Page 318: ...mple average by time interval To view this window click Monitoring Utilization CPU Utilization as shown below Figure 11 1 CPU Utilization window The fields that can be configured are described below P...

Page 319: ...nformation regarding the DRAM and Flash utilization To view this window click Monitoring Utilization DRAM Flash Utilization as shown below Figure 11 2 DRAM Flash Utilization window Port Utilization Us...

Page 320: ...ll be polled between 20 and 200 The default value is 200 Show Hide Check whether or not to display Port Util Click the Apply button to accept the changes made for each individual section Statistics Po...

Page 321: ...11 4 Received RX window for Bytes and Packets Click the View Table link to display the information in a table rather than a line graph Figure 11 5 Received RX Table window for Bytes and Packets The f...

Page 322: ...of good packets that were received by a broadcast address Show Hide Check whether to display Bytes and Packets Click the Apply button to accept the changes made for each individual section Click the...

Page 323: ...the total number of good packets that were received by a multicast address Broadcast Counts the total number of good packets that were received by a broadcast address Show Hide Check whether or not t...

Page 324: ...for Bytes and Packets Click the View Table link to display the information in a table rather than a line graph Figure 11 9 Transmitted TX Table window table for Bytes and Packets The fields that can...

Page 325: ...transmitted by a broadcast address Show Hide Check whether or not to display Bytes and Packets Click the Apply button to accept the changes made for each individual section Click the Clear button to c...

Page 326: ...information in a table rather than a line graph Figure 11 11 Received RX Table window for errors The fields that can be configured are described below Parameter Description Unit Select the unit to con...

Page 327: ...longer than 1518 octets and less than the MAX_PKT_LEN Internally MAX_PKT_LEN is equal to 1536 Drop The number of packets that are dropped by this port since the last Switch reboot Symbol Counts the nu...

Page 328: ...information in a table rather than a line graph Figure 11 13 Transmitted TX Table window for errors The fields that can be configured are described below Parameter Description Unit Select the unit to...

Page 329: ...inhibited by more than one collision Collision An estimate of the total number of collisions on this network segment Show Hide Check whether or not to display ExDefer CRCError LateColl ExColl SingCol...

Page 330: ...formation in a table rather than a line graph Figure 11 15 RX Size Analysis window table The fields that can be configured are described below Parameter Description Unit Select the unit to configure P...

Page 331: ...ets 1024 1518 The total number of packets including bad packets received that were between 1024 and 1518 octets in length inclusive excluding framing bits but including FCS octets Show Hide Check whet...

Page 332: ...ature Target Port Use the drop down menu to select the Target Port used for Port Mirroring Unit Select the unit to configure TX Egress Click the radio buttons to select whether the port should include...

Page 333: ...N is enabled when one RSPAN VLAN has been configured with a source port The RSPAN redirect function will work when RSPAN is enabled and at least one RSPAN VLAN has been configured with redirect ports...

Page 334: ...Add or Delete to add or delete redirect ports Click the Apply button to accept the changes made Click the Back button to discard the changes made and return to the previous page sFlow sFlow RFC3176 i...

Page 335: ...he server times out When the analyzer server times out all of the flow samplers and counter pollers associated with this analyzer server will be deleted If not specified its default value is 400 Colle...

Page 336: ...if the rate is 20 the actual rate 5120 One packet will be sampled from every 5120 packets If set to 0 the sampler is disabled If the rate is not specified its default value is 0 Max Header Size 18 256...

Page 337: ...fic entry Click the Delete button to remove the specific entry Ping Test Ping is a small program that sends ICMP Echo packets to the IP address you specify The destination node then responds to or ech...

Page 338: ...ut Select a timeout period between 1 and 99 seconds for this Ping message to reach its destination If the packet fails to find the IP address in this specified time the Ping packet will be dropped Cli...

Page 339: ...e trace route option will cross while seeking the network path between two devices The range for the TTL is 1 to 60 hops Port 30000 64900 The port number The value range is from 30000 to 64900 Timeout...

Page 340: ...to halt the Trace Route Click the Resume button to resume the Trace Route Peripheral Device Status This window displays power and fan status of the Switch To view this window click Monitoring Peripher...

Page 341: ...tion File Upload Configuration File Upload Log File Reset Reboot System Save Configuration ID 1 Open the Save drop down menu at the top of the Web manager and click Save Configuration ID 1 to see the...

Page 342: ...example the order in the stack see System Configuration Stacking Stacking Mode Settings window The number of switches in the switch stack up to 8 total are displayed next to the Tools drop down menu...

Page 343: ...ssigned automatically Auto or can be assigned statically The default is Auto Type Display the model name of the corresponding switch in a stack Exist Denote whether a switch does or does not exist in...

Page 344: ...menu to select a unit for receiving the firmware Select All for all units TFTP Server IP Click the IPv4 or IPv6 radio button to enter the TFTP Server IP Address File Enter the location and name of the...

Page 345: ...File Enter the location and name of the source file or click the Browse button to navigate to the configuration file for the download Configuration ID Select a configuration ID Click Download to init...

Page 346: ...nd enter the service name in the space provided Click Upload to initiate the upload Upload Log File This page allows the user to upload the log file from the Switch to a TFTP Server Open the Tools dro...

Page 347: ...Switch will return to the last saved configuration when rebooted Open the Tools drop down menu at the top of the Web manager and click Reset to see the following window Figure 12 10 Reset System wind...

Page 348: ...ddress Resolution Protocol Works In the process of ARP PC A will first issue an ARP request to query PC B s MAC address The network structure is shown in Figure 1 Figure 1 In the meantime PC A s MAC a...

Page 349: ...d the associated port into its Forwarding Table In addition when the switch receives the broadcasted ARP request it will flood the frame to all ports except the source port port 1 see Figure 2 Figure...

Page 350: ...to send the fake or spoofed ARP messages to an Ethernet network Generally the aim is to associate the attacker s or random MAC address with the IP address of another node such as the default gateway A...

Page 351: ...nd cheats the router that it is the victim As can be seen in Figure 5 all traffic will be then sniffed by the hacker but the users will not discover Prevent ARP Spoofing via Packet Content ACL D Link...

Page 352: ...Offset Chunk14 Offset Chunk15 Byte 127 3 7 11 15 19 23 27 31 35 39 43 47 51 55 59 Byte 128 4 8 12 16 20 24 28 32 36 40 44 48 52 56 60 Byte 1 5 9 13 17 21 25 29 33 37 41 45 49 53 57 61 Byte 2 6 10 14...

Page 353: ...rom Chunk 3 mask for Ethernet Type Blue in Table 6 13th and 14th bytes The second chunk starts from Chunk 7 mask for Sender IP in ARP packet Green in Table 6 29th and 30th bytes The third chunk starts...

Page 354: ...undant Power failed Critical Redundant Power is working Unit unitID Redundant Power is working Critical Access flash failed Unit unitID Access flash failed operation operation physical address address...

Page 355: ...rough Web Username username IP ipaddr Warning Logout through Web Logout through Web Username username IP ipaddr Informational SSL Successful login through Web SSL Successful login through Web SSL User...

Page 356: ...authenticated by AAA local method Username username Warning Successful login through Web authenticated by AAA local method Successful login through Web from userIP authenticated by AAA local method Us...

Page 357: ...through Web authenticated by AAA server Successful login through Web from userIP authenticated by AAA server serverIP Username username Informational Login failed through Web authenticated by AAA ser...

Page 358: ...g Successful Enable Admin through SSH authenticated by AAA local_enable method Successful Enable Admin through SSH from userIP authenticated by AAA local_enable method Username username Informational...

Page 359: ...ation Username username Warning Enable Admin failed through Console due to AAA server timeout or improper configuration Enable Admin failed through Console due to AAA server timeout or improper config...

Page 360: ...cleared Port portNum Multicast storm has cleared Informational Port shut down due to a packet storm Port portNum is currently shut down due to a packet storm Warning IP MAC PORT Binding Unauthenticat...

Page 361: ...name username IP ipaddr Informational Gratuitous ARP Conflict IP was detected with this device Conflict IP was detected with this device IP ipaddr MAC macaddr Port unitID portNum Interface ipif_name I...

Page 362: ...rmational DES 3528 DES 3552 Series Trap List Trap Name OID Variable Bind Format MIB Name Severity coldStart 1 3 6 1 6 3 1 1 5 1 None V2 RFC1907 SNMPv2 MIB Critical warmStart 1 3 6 1 6 3 1 1 5 2 None V...

Page 363: ...SafeGuard m ib Warning swSafeGuardChgToNormal 1 3 6 1 4 1 171 12 19 4 1 0 2 swSafeGuardCurrentStatus V2 SafeGuard m ib Warning swPktStormOccurred 1 3 6 1 4 1 171 12 25 5 0 1 swPktStormCtrlPortIndex V2...

Page 364: ...mgmt MIB Warning swPortLoopOccurred 1 3 6 1 4 1 171 12 41 10 0 1 swLoopDetectPortIndex V2 LBD MIB Warning swPortLoopRestart 1 3 6 1 4 1 171 12 41 10 0 2 swLoopDetectPortIndex V2 LBD MIB Warning swVlan...

Page 365: ...the user needs to attach a terminal or PC with terminal emulation to the console port of the switch 2 Power on the Switch After the UART init is loaded to 100 the Switch will allow 2 seconds for the...

Page 366: ...ata transmission links This port is most often used for dedicated local management CSMA CD Channel access method used by Ethernet and IEEE 802 3 standards in which devices transmit only after finding...

Page 367: ...nce on networks STP works by allowing the user to implement parallel paths for network traffic and ensure that redundant paths are disabled when the main paths are operational and enabled if the main...

Reviews:

No comments

Related manuals for DES-3528 - xStack Switch - Stackable

IDK MSD-804FD Series Command Manual preview
MSD-804FD Series
Brand: IDK Pages: 133
IDK MSD-72 Series User Manual preview
MSD-72 Series
Brand: IDK Pages: 150
IDK MSD-501 Command Reference Manual preview
MSD-501
Brand: IDK Pages: 101
IDK MSD-402 Command Reference Manual preview
MSD-402
Brand: IDK Pages: 85
IDK IMP-400UHD Command Reference Manual preview
IMP-400UHD
Brand: IDK Pages: 40
IDK FDX-32 User Manual preview
FDX-32
Brand: IDK Pages: 97
IDK FDX-S Series User Manual preview
FDX-S Series
Brand: IDK Pages: 117
IDK FDX-16 User Manual preview
FDX-16
Brand: IDK Pages: 77
Qlogic SANbox 5000 Series Quick Start Manual preview
SANbox 5000 Series
Brand: Qlogic Pages: 8
Balluff IO-Link BNI LH1-303-S11-K091 Installation Manual preview
IO-Link BNI LH1-303-S11-K091
Brand: Balluff Pages: 12
RDL EZ-HSX4 Installation And Operation Manual preview
EZ-HSX4
Brand: RDL Pages: 4
DAB ESC plus 3M Instruction For Installation And Maintenance preview
ESC plus 3M
Brand: DAB Pages: 56
Aethra MTX200 Connection Manual preview
MTX200
Brand: Aethra Pages: 1
Aquatlantis tecatlantis EASY LED CONTROL 2 PLUS User Manual preview
tecatlantis EASY LED CONTROL 2 PLUS
Brand: Aquatlantis Pages: 4
Gefen EXT-UHDA-HBTL-RX User Manual preview
EXT-UHDA-HBTL-RX
Brand: Gefen Pages: 33
Davey RainBank Installation Instructions preview
RainBank
Brand: Davey Pages: 2
SIIG MultiView CE-H26311-S1 Manual preview
MultiView CE-H26311-S1
Brand: SIIG Pages: 24
Clas Ohlson EMT1700P Manual preview
EMT1700P
Brand: Clas Ohlson Pages: 5

Brands by name

Popular brands

Load more brands