manualshive.com logo in svg

D-Link DGS-3312SR, Manual

The D-Link DGS-3312SR is a powerful network switch designed for high-performance environments. With advanced features and exceptional reliability, this switch maximizes data transfer speeds and ensures optimal network performance. Enhance your networking experience with our detailed "Product Manual", available for "free" download at manualshive.com.

Share
Download
background image

DGS-3312SR Stackable Gigabit Layer 3 Switch 

54 

The D-Link implementation of 802.1x allows network administrators to choose between two types of Access Control used 
on the Switch, which are: 

1.  Port-Based Access Control – This method requires only one user to be authenticated per port by a remote RADIUS 

server to allow the remaining users on the same port access to the network.  

2.  MAC-Based Access Control – Using this method, the Switch will automatically learn up to three MAC addresses 

by port and set them in a list. Each MAC address must be authenticated by the Switch using a remote RADIUS 
server before being allowed access to the Network.  

Understanding 802.1x Port-based and MAC-based Network Access Control 

The original intent behind the development of 802.1X was to leverage the characteristics of point-to-point in LANs. As any 
single LAN segment in such infrastructures has no more than two devices attached to it, one of which is a Bridge Port.   
The Bridge Port detects events that indicate the attachment of an active device at the remote end of the link, or an active 
device becoming inactive. These events can be used to control the authorization state of the Port and initiate the process of 
authenticating the attached device if the Port is unauthorized. This is the Port-Based Network Access Control. 

Port-Based Network Access Control 

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

802.1X

Client

Network access controlled port

Network access uncontrolled port

RADIUS

Server

Ethernet Switch

 

Figure 4- 18. Example of Typical Port-Based Configuration 

Once the connected device has successfully been authenticated, the Port then becomes Authorized, and all subsequent 
traffic on the Port is not subject to access control restriction until an event occurs that causes the Port to become 
Unauthorized. Hence, if the Port is actually connected to a shared media LAN segment with more than one attached 
device, successfully authenticating one of the attached devices effectively provides access to the LAN for all devices on the 
shared segment. Clearly, the security offered in this situation is open to attack. 

Summary of Contents for DGS-3312SR

Page 1: ...D Link DGS 3312SR 12 Port Gigabit Layer 3 Stackable Switch Release 3 5 Manual Third Edition October 2005 Version 0 35 Printed In China RECYCLABLE ...

Page 2: ...f D Link Computer Corporation is strictly forbidden Trademarks used in this text D Link and the D LINK logo are trademarks of D Link Computer Corporation Microsoft and Windows are registered trademarks of Microsoft Corporation Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products D Link Computer Corporation disc...

Page 3: ...anel Description 5 RPS Connector 5 Plug in Modules 5 Switch Stacking 7 Management Options 8 Installation 9 Package Contents 9 Before You Connect to the Network 9 Installing the Switch without the Rack 10 Installing the Switch in a Rack 10 Mounting the Switch in a Standard 19 Rack 11 Connecting Stacked Switch Groups 12 Configuring a Switch Group for Stacking 13 External Redundant Power System 15 Co...

Page 4: ...art System 31 Advanced Settings 32 Switch Stack Management 34 Configure Stacking 34 Basic Configuration 37 Switch Information 38 IP Address 38 Advanced Settings 41 Port Configuration 43 Port Description 45 Port Mirroring 46 Traffic Control 46 Link Aggregation 48 LACP Port Settings 50 Port Access Entity 802 1X 51 Authentication Server 52 Authenticator 52 Client 53 Authentication Process 53 802 1X A...

Page 5: ...rstanding QoS 90 802 1p Default Priority 91 802 1p User Priority 91 QoS Output Scheduling Configuration 92 Traffic Segmentation 93 Port Bandwidth 94 MAC Notification 95 MAC Notification Global Settings 95 MAC Notification Port Settings 95 Port Security Configuration 96 Port Security 96 Port Lock Entry Delete 97 Port Security Clear 97 System Log Server 98 SNTP Settings 100 Time Setting 100 Time Zon...

Page 6: ...tings 149 DHCP BOOTP Relay 150 DHCP BOOTP Relay Information 150 DHCP BOOTP Relay Settings 151 DNS Relay 152 DNS Relay Information 152 DNS Relay Static Settings 153 VRRP 154 VRRP Configuration 154 VRRP Interface Settings 155 IP Multicast 159 IGMP 159 IGMP Versions 1 and 2 159 IGMP Interface Settings 160 DVMRP 162 PIM 164 Security 166 Trusted Host 166 Secure Socket Layer SSL 167 Download Certificate...

Page 7: ... View Table 193 SNMP Group Table 194 SNMP Community Table 196 SNMP Host Table 197 SNMP Engine ID 198 Monitoring 199 Stack Information 200 Port Utilization 203 CPU Utilization 204 Packets 205 Received Packets 205 Received Unicast Multicast Broadcast Packets 207 Transmitted Packets 209 Errors 211 Received Errors 211 Transmitted Errors 213 Size 215 Packet Size 215 MAC Address 217 Switch History Log 2...

Page 8: ...s 234 Download Firmware 234 Download Configuration File 235 Upload Configuration 235 Upload Log 235 Ping Test 236 Save Changes 236 Factory Reset 237 Restart System 238 Logout 238 Single IP Management 239 SIM Settings 241 Topology 242 Tool Tips 244 Right click 245 Member Switch Icon 247 Candidate Switch Icon 248 Menu Bar 249 Group 249 Device 249 View 249 Firmware Upgrade 250 Configuration File Back...

Page 9: ...ooting Services Section 10 Single IP Management Discussion on the Single IP Management function of the Switch including functions and features of the Java based user interface and the utilities of the SIM function Intended Readers The DGS 3312SR Manual contains information useful for setup and management and of the DGS 3312SR Switch This manual is intended for network managers familiar with networ...

Page 10: ...ot service any product except as explained in your system documentation Opening or removing covers that are marked with the triangular symbol with a lightning bolt may expose you to electrical shock Only a trained service technician should service components inside these compartments If any of the following conditions occur unplug the product from the electrical outlet and replace the part or cont...

Page 11: ...rounded electrical outlets These cables are equipped with three prong plugs to help ensure proper grounding Do not use adapter plugs or remove the grounding prong from a cable If you must use an extension cable use a 3 wire cable with properly grounded plugs Observe extension cable and power strip ratings Make sure that the total ampere rating of all products plugged into the extension cable or po...

Page 12: ... Use caution when pressing the component rail release latches and sliding a component into or out of a rack the slide rails can pinch your fingers After a component is inserted into the rack carefully extend the rail into a locking position and then slide the component into the rack Do not overload the AC supply branch circuit that provides power to the rack The total rack load should not exceed 8...

Page 13: ...e following steps to prevent damage from electrostatic discharge ESD 1 When unpacking a static sensitive component from its shipping carton do not remove the component from the antistatic packing material until you are ready to install the component in your system Just before unwrapping the antistatic packaging be sure to discharge static electricity from your body 2 When transporting a sensitive ...

Page 14: ...or SFP Gigabit connections Features Four built in combination 10 100 1000BASE T SFP ports Two additional 4 port modules can be added to stack up to eight additional Switches IEEE 1394 or up to eight additional Gigabit Ethernet ports 1000BASE T or SFP or use combination of stacking and Gigabit Ethernet ports Star topology Switch stacking configuration for up to 12 additional DES 3226S DES 3250TG Sw...

Page 15: ...ts BOOTP DHCP DNS Relay Supports TFTP upgrade Supports System Log Fully configurable either in band or out of band control via RS 232 console serial connection Telnet remote control console Traffic Segmentation Simple Network Time Protocol MAC address update notification Web GUI Traffic Monitoring Supports RIP v1 v2 Supports OSPF Supports PIM DM Supports DVMRP Supports IGMP Supports VRRP Supports ...

Page 16: ...ors of the Switch include Power Console and Link Act The following shows the LED indicators for the Switch along with an explanation of each indicator Figure 1 2 LED Indicators Power This indicator on the front panel should be lit during the Power On Self Test POST It will light green approximately two seconds after the Switch is powered on to indicate the ready state of the device Console This in...

Page 17: ...Ds have the same function as the corresponding LEDs for the Switch s built in Gigabit Ethernet ports The Link LED lights to confirm a valid link while the Act LED blinks to indicate activity on the link Stack ID The Switch includes a digital indicator to indicate the Switch status in a stacked Switch group An F indicates the Switch is acting in the capacity of a master Switch of a stacked group of...

Page 18: ...edundant power supply to the RPS connector If the Switch s internal power unit fails the redundant power system automatically supplies power to the Switch for uninterrupted operation The Switch supports the D Link RPS 200 or RPS 500 redundant power supply units Plug in Modules The DGS 3312SR Switch is able to accommodate optional plug in modules in order to increase functionality and performance T...

Page 19: ...lave switches LED indicators for Link Activity and Status DEM 540 IEEE 1394 Stacking Module Figure 1 7 DEM 540 IEEE 1394 Stacking module Front panel module Connect to four DES 3226S Switches up to eight additional slave units may be stacked Four transmitting ports and Four receiving port Use the connector of IEEE 1394b Data rate up to 1000 Mbps 8 segment LED display to indicate Switch ID number wi...

Page 20: ... from an IN port on one Switch to an OUT port on the next Switch in the stack Restrictions and Cautions for Stacking The DGS 3312SR may serve as the Master of up to twelve additional Switches The slave switch units must meet the following criteria All additional slave Switches must be DES 3226S or DES 3250TG Switches The slave unit types can be mixed within a single stacked group DES 3226S or DES ...

Page 21: ...ce provides complete access to all Switch management features For a full list of commands see the Command Line Reference Manual which is included on the documentation CD SNMP Based Management You can manage the Switch with an SNMP compatible console program The Switch is supports SNMP version 1 0 version 2 0 and version 3 0 The SNMP agent decodes the incoming SNMP messages and responds to requests...

Page 22: ...in installing the Switch confirm that your package contains the following items One DGS 3312SR Layer 3 Switch Mounting kit 2 mounting brackets and screws Four rubber feet with adhesive backing One AC power cord This Manual CLI Reference Manual Before You Connect to the Network Before you connect to the network you must install the Switch on a flat surface or in a rack set up a terminal emulation p...

Page 23: ... the rubber feet on the marked locations on the bottom of the chassis The rubber feet although optional are recommended to keep the unit from slipping Figure 2 1 Install rubber feet for installations with or without a rack Installing the Switch in a Rack You can install the Switch in most standard 19 inch 48 3 cm racks Refer to the illustrations below 1 Use the supplied screws to attach a mounting...

Page 24: ...DGS 3312SR Stackable Gigabit Layer 3 Switch 11 Mounting the Switch in a Standard 19 Rack Figure 2 3 Install Switch in equipment rack ...

Page 25: ...ing tell you how to configure the DGS 3312SR to function as a Master as well as how to configure the DES 3226S and the DES 3250TG to function as slave Switch units using the CLI interface Stacking Connections with IEEE 1394 Ethernet Cabling and Fiber Optic Transceiver Cabling Figure 2 4 Star Topology Stacked Switch Group The IEEE 1394 fire wire stacking ports are marked IN and OUT The IEEE 1394 co...

Page 26: ...acking mode configuration Press the Y key yes to save the stacking mode configuration 3 Successful configuration will be verified by a Success message It takes a few seconds for the change to take effect and be saved See the example below for the DES 3226S DES 3226S 4 config stacking mode enable auto Command config stacking mode enable auto Do you want to save the new system configuration to NV RA...

Page 27: ...umber of the port on the DGS 3312SR to which the Switch is connected The ports on the DGS 3312SR are numbered starting with port 1 from left to right along the front panel of the Switch For example the four combination ports next to the Stack NO LED are numbered 1 through 4 so if a four port stacking module is installed in the first module slot the stacking ports will be numbered 5 through 8 If tw...

Page 28: ...l Redundant Power System The Switch supports an external redundant power system Figure 2 8 DPS 200 with DGS 3312SR NOTE See the DPS 200 documentation for more information CAUTION Do not use the Switch with any redundant power system other than the DPS 200 ...

Page 29: ... use arrow keys in HyperTerminal s VT100 emulation See www microsoft com for information on Windows 2000 service packs g After you have correctly set up the terminal plug the power cable into the power receptacle on the back of the Switch The boot sequence appears in the terminal h After the boot sequence completes the console login screen displays i If you have not logged into the command line in...

Page 30: ...sage User names and passwords can be up to 15 characters in length The sample below illustrates a successful creation of a new administrator level account with the user name newmanager DGS 3312SR 4 create account admin newmanager Command create account admin newmanager Enter a case sensitive new password Enter the new password again for confirmation Success DGS 3312SR 4 NOTE Passwords are case sen...

Page 31: ... is separated into two parts The first part is to maintain a list of users and their attributes that are allowed to act as SNMP managers The second part describes what each user on that list can do as an SNMP manager The Switch allows groups of users to be listed and configured with a shared set of privileges The SNMP version may also be set for a listed group of SNMP managers Thus you may create ...

Page 32: ... managed with the Web based manager The Switch IP address can be automatically set using BOOTP or DHCP protocols in which case the actual address assigned to the Switch must be known The IP address may be set using the Command Line Interface CLI over the console serial port as follows 1 Starting at the command line prompt enter the commands config ipif System ipaddress xxx xxx xxx xxx yyy yyy yyy ...

Page 33: ...via the Web based management Connecting Devices to the Switch After you assign IP addresses to the Switch you can connect devices to the Switch To connect a device to an SFP transceiver port 1 Use your cabling requirements to select an appropriate SFP transceiver type 2 Insert the SFP transceiver sold separately into the SFP transceiver slot 3 Use the appropriate network cabling to connect a devic...

Page 34: ...ity and increased network performance by eliminating the routing bottleneck between the WAN or Internet and the Intranet Its function in a network can be thought of as a new generation of router that performs routing functions in hardware rather than software It is in effect a router that also has numerous independent Ethernet collision domains each of which can be assigned an IP subnet This flexi...

Page 35: ...nism to alter the normal packet forwarding in a network device and can be used to intelligently allocate bandwidth to time critical applications such as the integration of voice video and data on the network 7 Develop a redundancy scheme Planning redundant links and routes to network critical resources can save valuable time in case of a link or device failure The DGS 3312SR Spanning Tree function...

Page 36: ...igure 3 1 Main Web Manager window Area Function 1 Presents a graphical near real time image of the front panel of the Switch This area displays the Switch s ports and expansion modules When the Switch is stacked a virtual representation of the Switch stack appears in the right hand portion Click on the ports in the front panel to manage the port s configuration or view data for the port 2 Select t...

Page 37: ...ages and Folders Below is a list and description of the main folders and windows available in the web interface Configuration This folder includes all the sub folders and windows used to configure various performance functions of the Switch including Layer 3 functions Security This folder contains SSL SSH and Access Authentication Control sub folders are also located here The Trusted Host window l...

Page 38: ...formation about the Switch including its MAC Address Hardware Boot PROM and Firmware versions and installed module information Switch IP Settings Switch IP settings may initially be set using the console interface prior to connecting to it through the Ethernet If the Switch IP address has not yet been changed read the Introduction of the CLI Reference or skip ahead to the end of this section for a...

Page 39: ... an IP address subnet mask and default gateway address Use the Get IP From pull down menu to choose from BOOTP or DHCP This selects how the Switch will be assigned an IP address on the next reboot The Switch IP Settings options are Parameter Description BOOTP The Switch will send out a BOOTP broadcast request when it is powered up The BOOTP protocol allows IP addresses network masks and default ga...

Page 40: ... to control management Setting the Switch s IP Address using the Console Interface Each Switch must be assigned its own IP Address which is used for communication with an SNMP network manager or other TCP IP application for example BOOTP TFTP The Switch s default IP address is 10 90 90 90 You can change the default Switch IP address to meet the specification of your networking address scheme The I...

Page 41: ...ess will be allowed management privilege through the web manager or Telnet session To define a management station IP setting type in the IP address in the area provided and then click the Apply button User Account Management Use the User Account Management to control user privileges To view existing User Accounts open the Management folder and click on the User Accounts link This will open the Use...

Page 42: ... Delete button Admin and User Privileges There are two levels of user privileges Admin and User Some menu selections available to users with Admin privileges may not be available to those with User privileges The following table summarizes the Admin and User privileges Management Admin User Configuration Yes Read Only Network Monitoring Yes Read Only Community Strings and Trap Stations Yes Read On...

Page 43: ...ediately take effect Once the Switch configuration settings have been saved to NV RAM they become the default settings for the Switch These settings will be used every time the Switch is rebooted Some settings though require you to restart the Switch before they will take effect Restarting the Switch erases all settings in RAM and reloads the stored settings from the NV RAM Thus it is necessary to...

Page 44: ...Switch s NV RAM The Switch will then reboot When the Switch has rebooted it will have the same configuration as when it was delivered from the factory Select the reset option you want to perform and click on the Apply button Restart System The following window is used to restart the Switch Access this window by clicking on the Restart System link in the Maintenance folder Click Yes after Do you wa...

Page 45: ... an idle period of time as defined Choose from the following options 9600 19200 38400 or 115200 MAC Address Aging Time 10 1000000 This field specifies the length of time a learned MAC Address will remain in the forwarding table without being accessed that is how long a learned MAC Address is allowed to remain idle The default age out time for the Switch is 300 seconds To change this type in a diff...

Page 46: ...g RMON of the Switch is Enabled or Disabled here GVRP Use this pull down menu to enable or disable GVRP on the Switch Link Aggregation Algorithm The algorithm that the Switch uses to balance the load across the ports that make up the port trunk group is defined by this definition Choose MAC Source MAC Destination MAC Src Dest IP Source IP Destination and IP Src Dest See Link Aggregation Switch 802...

Page 47: ...cted information about the resulting Switch stack is displayed in the Stack Mode Setup window To view stacking information or to enable disable the stacking mode click the Stack Information link in the Monitoring folder Figure 3 12 Stack Mode Setup stacking disabled window To enable the stacking mode follow the steps listed below 1 Select Enabled from the Stack Mode State drop down menu 2 Click on...

Page 48: ...Range Displays the total number of ports on the Switch Note that the stacking port is included in the total count Mode Displays the method used to determine the stacking order of the Switches in the Switch stack Version Displays the version number of the stacking firmware RPS Status Displays the status of an optional Redundant Power Supply Model Name Displays the model name of the corresponding Sw...

Page 49: ...DGS 3312SR Stackable Gigabit Layer 3 Switch 36 Figure 3 14 Stack Information web page with updated stack configuration ...

Page 50: ... Tree Forwarding Filtering VLANs QoS MAC Notification Port Security Configuration System Log Server SNTP Settings Access Profile Table The DGS 3312SR s Web interface is divided into six main folders Configuration Security Management Monitoring Maintenance and Single IP Management This chapter describes all of the Configuration sub folders and windows except those found in the Layer 3 IP Networking...

Page 51: ... IP settings may initially be set using the console interface prior to connecting to it through the Ethernet If the Switch IP address has not yet been changed read the Introduction of the CLI Reference or skip ahead to the end of this section for a quick description of how to use the console port and CLI IP settings commands to establish IP settings for the Switch To change IP settings using the w...

Page 52: ... network masks and default gateways to be assigned by a central BOOTP server If this option is set the Switch will first look for a BOOTP server to provide it with this information before using the default or previously entered settings DHCP The Switch will send out a DHCP broadcast request when it is powered up The DHCP protocol allows IP addresses network masks and default gateways to be assigne...

Page 53: ...cation of your networking address scheme The IP address for the Switch must be set before it can be managed with the Web based manager The Switch IP address can be automatically set using BOOTP or DHCP protocols in which case the actual address assigned to the Switch must be known The IP address may be set using the Command Line Interface CLI over the console serial port as follows Starting at the...

Page 54: ... an idle period of time as defined Choose from the following options 9600 19200 38400 or 115200 MAC Address Aging Time 10 1000000 This field specifies the length of time a learned MAC Address will remain in the forwarding table without being accessed that is how long a learned MAC Address is allowed to remain idle The default age out time for the Switch is 300 seconds To change this type in a diff...

Page 55: ...e Switch is Enabled or Disabled here GVRP Use this pull down menu to enable or disable GVRP on the Switch Link Aggregation Algorithm The algorithm that the Switch uses to balance the load across the ports that make up the port trunk group is defined by this definition Choose MAC Source MAC Destination MAC Src Dest IP Source IP Destination and IP Src Dest See Link Aggregation Switch 802 1x The Swit...

Page 56: ...arameter Description Unit Select the Switch in the Switch stack to be configured using the pull down menu 15 a switch in standalone mode From To Select a port or range of ports to be configured State Enabled Toggle the State field to either enable or disable a given port Speed Duplex Auto Toggle the Speed Duplex field to either select the speed and duplex half duplex state of the port Auto denotes...

Page 57: ...he two physical layers The timing control is set on a master physical layer by a local source The slave setting 1000M Full_S uses loop timing where the timing comes form a data stream received from the master If one connection is set for 1000M Full_M the other side of the connection must be set for 1000M Full_S Any other configuration will result in a link down status for both ports Flow Control D...

Page 58: ...on on the Configuration folder Figure 4 5 Port Description Setting window The user may set the following parameters Parameter Description Unit This is the Unit ID of a Switch in a Switch stack The number 15 indicates a DGS 3312SR Switch in standalone mode From To A consecutive group of ports may be configured starting with the selected port Description Enter a description of the port or ports Clic...

Page 59: ...r Both for the mirrored port by clicking the appropriate radio button for the port Select the Target Port using the Unit and Port drop down menus Change the Status drop down menu to Enabled Click Apply to let the changes take effect NOTE You cannot mirror a fast port onto a slower port For example if you try to mirror the traffic from a 100 Mbps port onto a 10 Mbps port this can cause throughput p...

Page 60: ...re control is a method of shutting down a loop when a storm is formed because a MAC address cannot be located in the Switch s forwarding database and it must send a packet to all ports or all ports on a VLAN To configure Traffic Control select the Unit Unit ID of a Switch in a Switch stack 15 for a Switch in standalone mode you want to configure Broadcast Storm Multicast Storm and Destination Look...

Page 61: ...rk The Switch allows the creation of up to six link aggregation groups each group consisting of 2 to 8 links ports All of the ports in the group must be members of the same VLAN and their STP status static multicast traffic control traffic segmentation and 802 1p default priority configurations must be identical Port locking port mirroring and 802 1X must not be enabled on the trunk group Further ...

Page 62: ...nd Disabled This is used to turn a port trunking group on or off This is useful for diagnostics to quickly isolate a bandwidth intensive network device or to have an absolute backup aggregation group that is not under automatic control Type This pull down menu allows you to select between Static and LACP Link Aggregation Control Protocol LACP allows for the automatic detection of links in a Port T...

Page 63: ...gured starting with the selected port Mode Active Active LACP ports are capable of processing and sending LACP control frames This allows LACP compliant devices to negotiate the aggregated link so the group may be changed dynamically as needs require In order to utilize the ability to change an aggregated port group that is to add or subtract ports from the group at least one of the participating ...

Page 64: ...over LAN EAPOL packets between the Client and the Server The following figure represents a basic EAPOL packet Figure 4 12 The EAPOL Packet Utilizing this method unauthorized devices are restricted from connecting to a LAN through a port to which the user is connected EAPOL packets are the only traffic that can be transmitted through the specific port until authorization is granted The 802 1x Acces...

Page 65: ...thenticator The Authenticator the Switch is an intermediary between the Authentication Server and the Client The Authenticator serves two purposes when utilizing 802 1x The first purpose is to request certification information from the Client through EAPOL packets which is the only information allowed to pass through the Authenticator before access is granted to the Client The second purpose of th...

Page 66: ...nt Authentication Process Utilizing the three roles stated above the 802 1x protocol provides a stable and secure way of authorizing and authenticating users attempting to access the network Only EAPOL traffic is allowed to pass through the specified port before a successful authentication is made This port is locked until the point when a Client with the correct username and password and MAC addr...

Page 67: ...t indicate the attachment of an active device at the remote end of the link or an active device becoming inactive These events can be used to control the authorization state of the Port and initiate the process of authenticating the attached device if the Port is unauthorized This is the Port Based Network Access Control Port Based Network Access Control 802 1X Client 802 1X Client 802 1X Client 8...

Page 68: ...successfully make use of 802 1X in a shared media LAN segment it would be necessary to create logical Ports one for each attached device that required access to the LAN The Switch would regard the single physical Port connecting it to the shared media segment as consisting of a number of distinct logical Ports each logical Port being independently controlled from the point of view of EAPOL exchang...

Page 69: ...tity 802 1x Authenticator Settings which will display the following window Figure 4 20 1st 802 1X Authenticator Settings window To configure the 802 1X Authenticator settings for a given port click on the blue port number link under the Port heading This will open the second 802 1X Authenticator Settings window as shown below Figure 4 21 2nd 802 1X Authenticator Settings window ...

Page 70: ... provide authentication services to the client through the interface If Auto is selected it will enable 802 1X and cause the port to begin in the unauthorized state allowing only EAPOL frames to be sent and received through the port The authentication process begins when the link state of the port transitions from down to up or when an EAPOL start frame is received The Switch then requests the ide...

Page 71: ...the user to set the Capability settings for the Switch on a per port basis This window can be viewed by clicking Configuration Port Access Entity PAE System Control 802 1x Capability Settings Figure 4 22 802 1X Capability Settings window To set up the Switch s 802 1X port based authentication select which ports are to be configured in the From and To fields Next enable the ports by selecting Authe...

Page 72: ...ays the following information Parameter Description Unit Choose the Switch ID number of the Switch in the Switch stack to be modified From and To Select ports to be initialized Port A read only field indicating a port on the Switch MAC Address The MAC address of the Switch connected to the corresponding port if any Auth PAE State The Authenticator PAE State will display one of the following Initia...

Page 73: ...sed 802 1x To initialize ports first choose the Switch in the Switch stack by using the Unit pull down menu then the range of ports in the From and To field Then the user must specify the MAC address to be initialized by entering it into the MAC Address field and checking the corresponding check box To begin the initialization click Apply NOTE The user must first globally enable 802 1X in the Adva...

Page 74: ...on Unit Choose the Switch ID number of the Switch in the Switch stack to be modified Port The port number of the reauthenticated port MAC Address Displays the physical address of the Switch where the port resides Auth PAE State The Authenticator State will display one of the following Initialize Disconnected Connecting Authenticating Authenticated Aborting Held ForceAuth ForceUnauth and N A Backen...

Page 75: ...y PAE System Control Reauthenticate Port s to open the following window Figure 4 26 Reauthenticate Ports MAC based 802 1x To reauthenticate ports first choose the Switch in the Switch stack by using the Unit pull down menu then the range of ports in the From and To field Then the user must specify the MAC address to be reauthenticated by entering it into the MAC Address field and checking the corr...

Page 76: ... the RADIUS server settings Parameter Description Succession RADIUS server settings index RADIUS Server Type in the IP address of the RADIUS server Authentic Port This is the UDP port on the RADIUS server that will be used to authenticate users The default is 1812 Accounting Port This is the UDP port on the RADIUS server that will be used to store the account information The default is 1813 Key Ty...

Page 77: ...P host or vice versa The Switch monitors IGMP messages and discontinues forwarding multicast packets when there are no longer hosts requesting that they continue IGMP Snooping Configuration Use this window which can be viewed by clicking Configuration IGMP Snooping IGMP Snooping to view the IGMP Snooping status To modify settings click the Modify button for the VLAN ID to change Figure 4 28 Curren...

Page 78: ...unt of time in seconds allowed for a host to continue membership in a multicast group without the Switch receiving a host membership report The default value is 260 Route Timeout This is the maximum amount of time in seconds a route is kept in the forwarding table without receiving a membership report The default value is 260 Leave Timer This specifies the maximum amount of time in seconds between...

Page 79: ... DM multicast packets are detected flowing into a port Open the IGMP folder and the click on the Static Router Ports Entry link to open the Current Static Router Ports Entries window as shown below Figure 4 30 Current Static Router Port Entries window The window displays all of the current entries to the Switch s static router port table To modify an entry click the Modify button This will open th...

Page 80: ...ame defined by an alphanumeric string of up to 32 characters defined in the MST Configuration Table window in the Configuration Name field 2 A configuration revision number named here as a Revision Level and found in the MST Configuration Table window and 3 A 4094 element table defined here as a VID List in the MST Configuration Table window which will associate each of the possible 4094 VLANs sup...

Page 81: ...nsitive to feedback from other RSTP compliant bridge links Ports do not need to wait for the topology to stabilize before transitioning to a forwarding state In order to allow this rapid transition the protocol introduces two new variables the edge port and the point to point P2P port Edge Port The edge port is a configurable designation used for a port that is directly connected to a segment wher...

Page 82: ... open the following window open the Spanning Tree folder in the Configuration menu and click the STP Bridge Global Settings link Figure 4 32 STP Bridge Global Settings STP compatible Figure 4 33 STP Bridge Global Settings RSTP default Figure 4 34 STP Bridge Global Settings MSTP ...

Page 83: ...ces on the bridged LAN If the value ages out and a BPDU has still not been received from the Root Bridge the Switch will start sending its own BPDU to all other switches for permission to become the Root Bridge If it turns out that your switch has the lowest Bridge Identifier it will become the Root Bridge The user may choose a time between 6 and 40 seconds The default value is 20 Forward Delay 4 ...

Page 84: ... Name A previously configured name set on the Switch to uniquely identify the MSTI Multiple Spanning Tree Instance If a configuration name is not set this field will show the MAC address to the device running MSTP Revision Level This value along with the Configuration Name will identify the MSTP region con figured on the Switch MSTI ID This field shows the MSTI IDs currently set on the Switch This...

Page 85: ...its hyperlinked MSTI ID number in the MST Configuration Identification window which will reveal the following window to configure Figure 4 37 Instance ID Settings window CIST modify The user may configure the following parameters to configure the CIST on the Switch Parameter Description MSTI ID The MSTI ID of the CIST is 0 and cannot be altered Type This field allows the user to choose a desired m...

Page 86: ... Type This field allows the user to choose a desired method for altering the MSTI settings The user has 2 choices Add VID Select this parameter to add VIDs to the MSTI ID in conjunction with the VID List parameter Remove VID Select this parameter to remove VIDs from the MSTI ID in conjunction with the VID List parameter VID List 1 4094 This field is used to specify the VID range from configured VL...

Page 87: ... click on its hyperlinked MSTI ID which will reveal the following window Figure 4 40 MSTI Settings window Parameter Description Instance ID Displays the MSTI ID of the instance being configured An entry of 0 in this field denotes the CIST default MSTI Internal cost This parameter is set to represent the relative cost of forwarding packets to specified ports when an interface is selected within a S...

Page 88: ...rrent status of the corresponding MSTI ID Instance Priority Displays the priority of the corresponding MSTI Instance Type The lowest priority will be the root bridge Priority Click the Modify button to change the priority of the MSTI This will open the Instance ID Settings window to configure The Type field in this window will be permanently set to Set Priority Only Enter the new priority in the P...

Page 89: ...ace value 1 2000000 Selecting this parameter with a value in the range of 1 2000000 will set the quickest route when a loop occurs A lower Internal cost represents a quicker transmission Designated Bridge This field will show the priority and MAC address of the Designated Bridge The information shown in this table comes from a BPDU packet originating from this bridge Root Port This is the port on ...

Page 90: ...redundant links are blocked on the Switch level The STP on the Switch level blocks redundant links between switches and similar network devices The port level STP will block redundant links within an STP Group It is advisable to define an STP Group to correspond to a VLAN group of ports The following fields can be set Parameter Description Unit Choose the Switch ID number of the Switch in the Swit...

Page 91: ...n all or some portion of the segment Edge Choosing the true parameter designates the port as an edge port Edge ports cannot create loops however an edge port can lose edge port status if a topology change creates a potential for a loop An edge port normally should not receive BPDU packets If a BPDU packet is received it automatically loses edge port status Choosing the false parameter indicates th...

Page 92: ...pen the Setup Static Unicast Forwarding Table window as shown below Figure 4 45 Setup Static Unicast Forwarding Table window To add an entry define the following parameters Parameter Description VLAN ID The VLAN ID number of the VLAN on which the above Unicast MAC address resides MAC Address The MAC address to which packets will be statically forwarded This must be a unicast MAC address Allowed to...

Page 93: ...t Parameter Description Unit Select the Switch in the Switch stack to configure 15 represents the Switch in standalone mode VID The VLAN ID of the VLAN to which the MAC address below belongs Multicast MAC Address The MAC address of the static source of multicast packets This must be a multicast MAC address Port Settings Allows the selection of ports that will be members of the static multicast gro...

Page 94: ... are more complex than on a traditional layer 2 Switch and must therefore be laid out and configured with a bit more forethought VLANs with an IP interface assigned to them could be thought of as network links not just as a collection of associated end users Further VLANs assigned an IP network address and subnet mask enables IP routing between them VLANs must be configured on the Switch before th...

Page 95: ...ally 802 1Q VLAN Packet Forwarding Packet forwarding decisions are made based upon the following three types of rules Ingress rules rules relevant to the classification of received frames belonging to a VLAN Forwarding rules between ports decides filter or forward the packet Egress rules determines if the packet must be sent tagged or untagged Figure 4 48 802 1Q Packet Forwarding 802 1Q VLAN Tags ...

Page 96: ... packets A packet received on a given port would be assigned that port s PVID and then be forwarded to the port that corresponded to the packet s destination address found in the Switch s forwarding table If the PVID of the port that received the packet is different from the PVID of the port that is to transmit the packet the Switch will drop the packet Within the Switch different PVIDs mean diffe...

Page 97: ... the port will not alter the packet Thus all packets received by and forwarded by an untagging port will have no 802 1Q VLAN information Remember that the PVID is only used internally within the Switch Untagging is used to send packets from an 802 1Q compliant network device to a non compliant network device Ingress Filtering A port on a Switch where packets are flowing into the Switch and VLAN de...

Page 98: ...on of the parameters in the new window Figure 4 52 802 1Q Static VLANs window Add To configure the newly created VLAN select the Switch being configured from the Unit drop down menu and provide a unique VLAN identifier and name Configure the port settings for VLAN membership by selecting the appropriate options for each port Click the Apply button to configure the VLAN port membership settings A s...

Page 99: ...re each individual port to be specified as member or nonmember of the VLAN Tag Specifies the port as either 802 1Q tagging or 802 1Q untagged Checking the box will designate the port as Tagged None Specifies the port as not being a static member of the VLAN but with no restrictions for joining the VLAN dynamically through GVRP Egress Select this to specify the port as a static member of the VLAN E...

Page 100: ...n the first 802 1Q Static VLANs window for the newly created VLAN engineering A new window appears use this to configure the port settings to the existing VLAN exactly as in the Add New VLAN window Notice that the VID and name cannot be changed If you want to change the VID or VLAN Name it will be necessary to delete the existing entry and create a new one Figure 4 55 802 1Q Static VLANs Modify wi...

Page 101: ...ce bar between Enabled and Disabled Enabled enables the port to compare the VID tag of an incoming packet with the PVID number assigned to the port If the two are different the port filters drops the packet Disabled disables Ingress filtering Ingress Checking is disabled by default Acceptable Frame Frame Type Allows you to specify the action the Switch will take when a packet is received If you sp...

Page 102: ...Mapping on the Switch The picture above shows the default priority setting for the Switch Class 7 has the highest priority of the seven priority classes of service on the Switch In order to implement QoS the user is required to instruct the Switch to examine the header of a packet to see if it has the proper identifying tag Then the user may forward these tagged packets to designated classes of se...

Page 103: ...ts sent from each priority queue depends upon the assigned weight For a configuration of 8 CoS queues A H with their respective weight value 8 1 the packets are sent in the following sequence A1 B1 C1 D1 E1 F1 G1 H1 A2 B2 C2 D2 E2 F2 G2 A3 B3 C3 D3 E3 F3 A4 B4 C4 D4 E4 A5 B5 C5 D5 A6 B6 C6 A7 B7 A8 A1 B1 C1 D1 E1 F1 G1 H1 For weighted round robin queuing if each CoS queue has the same weight value...

Page 104: ... Table window This page allows you to assign a default 802 1p priority to any given port on the Switch The priority queues are numbered from 0 the lowest priority to 7 the highest priority 802 1p User Priority The DGS 3312SR allows the assignment of a User Priority to each of the 802 1p priorities Figure 4 59 User Priority Configuration window Once you have assigned a priority to the port groups o...

Page 105: ... Changes in scheduling may result in unacceptable levels of packet loss or significant transmission delay If you choose to customize this setting it is important to monitor network performance especially during peak demand as bottlenecks can quickly develop if the QoS settings are not suitable Figure 4 60 QoS Output Scheduling Configuration window Use the Scheduling Mechanism drop down menu to sel...

Page 106: ...fied in the first part Clicking the Apply button will enter the combination of transmitting port and allowed receiving ports into the Switch s Traffic Segmentation table The Unit drop down menu at the top of the page allows you to select a switch from a switch stack using that switch s Unit ID The Port drop down menu allows you to select a port from that switch This is the port that will be transm...

Page 107: ... in standalone mode From To A consecutive group of ports may be configured starting with the selected port Type This drop down menu allows you to select between RX receive TX transmit and Both This setting will determine whether the bandwidth ceiling is applied to receiving transmitting or both receiving and transmitting packets no_limit This drop down menu allows you to specify that the selected ...

Page 108: ...story log Up to 500 entries can be specified Click Apply to implement changes made MAC Notification Port Settings Figure 4 64 MAC Notification Port Settings window The following window will allow the user to globally enable MAC Notification on the Switch To view this window click Configuration MAC Notification MAC Notification Global Settings Enable or disable MAC notification for ports with the w...

Page 109: ...orts and gaining access to the network Figure 4 65 Port Security Settings window The following parameters can be set Parameter Description Unit Allows you to specify a Switch in a Switch stack using that Switch s Unit ID The number 15 indicates a Switch in standalone mode From To A consecutive group of ports may be configured starting with the selected port Admin State This pull down menu allows y...

Page 110: ...The VLAN Name of the entry in the forwarding database table that has been permanently learned by the Switch Unit The ID number of the Switch in the Switch stack that has permanently learned the MAC address Port Enter the port on which the MAC address resides MAC Address The MAC address of the entry in the forwarding database table that has been permanently learned by the Switch Port Security Clear...

Page 111: ...ete column for the configuration being removed Figure 4 69 System Log Server Modify window Configure these parameters for the system log Parameter Description Index Syslog server settings index 1 4 Server IP The IP address of the Syslog server Severity This drop down menu allows you to select the level of messages that will be sent The options are Warning Informational and ALL Facility Some of the...

Page 112: ... 11 FTP daemon 12 NTP subsystem 13 log audit 14 log alert 15 clock daemon 16 local use 0 local0 17 local use 1 local1 18 local use 2 local2 19 local use 3 local3 20 local use 4 local4 21 local use 5 local5 22 local use 6 local6 23 local use 7 local7 UDP Port Type the UDP port number used for sending Syslog messages The default is 514 Status Choose Enabled or Disabled to activate or deactivate this...

Page 113: ...Current Time Displays the current system time Time Source Displays the time source for the system SNTP State Use this pull down menu to enable or disable SNTP SNTP Primary Server This is the primary server from which SNTP information will be taken SNTP Secondary Server This is the secondary server from which the SNTP information will be taken if the primary server fails SNTP Poll Interval in Secon...

Page 114: ...ime Zone and DST Settings window The following parameters can set Parameter Description Daylight Saving Time State Use this pull down menu to enable or disable the DST Settings Daylight Saving Time Offset in Minutes Use this pull down menu to specify the amount of time that will constitute your local DST offset 30 60 90 or 120 minutes Time Zone Offset from GMT in HH MM Use these pull down menus to...

Page 115: ...r the week of the month the DST will end To Which Day Enter the day of the week that DST will end To Which Month Enter the month that DST will end To What Time HH MM Enter the time DST will end DST Annual Settings Annual Using annual mode will enable DST seasonal time adjustment Annual mode requires that the DST beginning and ending date be specified concisely For example specify to begin DST on A...

Page 116: ...urrently configured Access Profiles on the Switch open the Configuration folder and click on the Access Profile Table link This will open the Access Profile Table window as shown below Figure 4 72 Access Profile Table window To add an entry to the Access Profile Table window click the Add button This will open the Access Profile Configuration window as shown below There are three Access Profile Co...

Page 117: ...se this as the or part of the criterion for forwarding Source MAC Source MAC Mask Enter a MAC address mask for the source MAC address Destination MAC Destination MAC Mask Enter a MAC address mask for the destination MAC address 802 1p Selecting this option instructs the Switch to examine the 802 1p priority value of each packet header and use this as the or part of the criterion for forwarding Eth...

Page 118: ...ne the Internet Control Message Protocol ICMP field in each frame s header Select type to further specify that the access profile will apply an ICMP type value or specify code to further specify that the access profile will apply an ICMP code value Select IGMP to instruct the Switch to examine the Internet Group Management Protocol ICMP field in each frame s header Select type to further specify t...

Page 119: ...ress or packet content mask This will change the menu according to the requirements for the type of profile Select Ethernet to instruct the Switch to examine the layer 2 part of each packet header Select IP to instruct the Switch to examine the IP address in each frame s header Select Packet Content Mask to specify a mask to hide the content of the packet header Offset This field will instruct the...

Page 120: ... is displayed To remove a previously created rule select it and click the Delete button Configure the Access Rule Configuration settings for Ethernet on the window below Figure 4 77 Access Rule Configuration Ethernet window The following parameters can be set Parameter Description Profile ID This is the identifier number for this profile set Mode Select Permit to specify that the packets that matc...

Page 121: ...riority of a packet to the value entered in the Priority field which meets the criteria specified previously in this command before forwarding it on to the specified CoS queue Otherwise a packet will have its incoming 802 1p user priority re written to its original value before being forwarded by the Switch For more information on priority queues CoS queues and mapping for 802 1p see the QoS secti...

Page 122: ...each packet header IP instructs the Switch to examine the IP address in each frame s header Packet Content Mask specifies a mask to hide the content of the packet header Priority 0 7 This parameter is specified if you want to re write the 802 1p default priority previously set in the Switch which is used to determine the CoS queue to which packets are forwarded to Once this field is specified pack...

Page 123: ... as the or part of the criterion for forwarding The user may choose a value between 0 and 63 Protocol This field allows the user to modify the protocol ID used in configuring the Access Rule Table window depending on which protocol the user has chosen in the Access Profile Table window Configure the Access Rule Configuration settings for the Packet Content Mask on the window below Figure 4 79 Acce...

Page 124: ...r Replace priority Click the corresponding box if you want to re write the 802 1p default priority of a packet to the value entered in the Priority field which meets the criteria specified previously in this command before forwarding it on to the specified CoS queue Otherwise a packet will have its incoming 802 1p user priority re written to its original value before being forwarded by the Switch ...

Page 125: ... PIM DM RIP or OSPF for the Switch select Enabled using the pull down menu for the global setting and click the Apply button You may later select Disabled for any of these to disable the protocol without changing any of the settings that may have been configured for them Figure 5 1 L3 Global Advanced Settings window The user may globally set the maximum amount of time in minutes which an Address R...

Page 126: ...rfaces for a specified VLAN primary and secondary that set IP interface cannot be changed to another VLAN Application Limitation A multicast router cannot be connected to IP interfaces that are utilizing the IP Multinetting function NOTE Only the primary IP interface will support the BOOTP relay agent IP Multinetting is a valuable tool for network administrators requiring a multitude of IP address...

Page 127: ...0 160 0 0 10 160 0 1 Backbone 6 10 192 0 0 10 192 0 1 Table 6 2 VLAN Example Assigned IP Interfaces The six IP interfaces each with an IP address listed in the table above and a subnet mask of 255 224 0 0 can be entered into the Setup IP Interface window To setup IP Interfaces on the Switch Each VLAN must be configured prior to setting up the VLAN s corresponding IP interface To set up IP interfac...

Page 128: ...he changes into NV RAM The following fields can be set Parameter Description Interface Name This field displays the name for the IP interface The default IP interface is named System IP Address Enter an IP address to be assigned to this IP interface Subnet Mask Enter a subnet mask to be applied to this IP interface VLAN Name Enter the VLAN Name for the VLAN to which the IP interface belongs The VL...

Page 129: ...o configure an MD5 Key click the MD5 Key Settings link in the Layer 3 IP Networking folder to open the following window Figure 5 5 MD5 Key Setting window To add an MD5 key to the table type a unique Key ID Key Identifier and provide a Key in the fields provided Click the Add Modify button to add the key to the MD5 Key Table To remove a key simply click the X in the Delete column for the Key you wi...

Page 130: ... to RIP The following table lists the allowed values for the routing metrics and the types or forms of the routing information that will be redistributed Route Source Metric Type OSPF 0 to 16 All Internal External ExtType1 ExtType2 Inter E1 Inter E2 RIP 0 to 16777214 Type 1 Type 2 Static 0 to 16777214 Type 1 Type 2 Local 0 to 16777214 Type 1 Type 2 Table 5 1 Route Redistribution Source table Enter...

Page 131: ... of the Router Redistribution Settings window settings Parameter Description Dest Protocol Allows the selection of the protocol of the destination device Available choices are RIP and OSPF Src Protocol Allows the selection of the protocol of the source device Available choices are RIP OSPF STATIC or LOCAL Type Allows for the selection of one of six methods of calculating the metric value The user ...

Page 132: ...ute will appear in the previous window To view the new route and any other static routes configured for the Switch click the Show All Static Default Route Entries link The following fields can be set or viewed for windows of the Static Default route Settings section Parameter Description IP Address The IP address of the Static Default Route Subnet Mask The corresponding Subnet Mask of the IP addre...

Page 133: ... X button in the Delete column for the entry you want to eliminate To delete all static ARP entries click the Clear All button To open the Static ARP Table open the Configuration folder and then open the Layer 3 IP Networking folder and click on the Static ARP Settings link Figure 5 10 Static ARP Settings window Clicking the Add button allows you to add a new entry using the window below Figure 5 ...

Page 134: ... RIP does not have an explicit method to detect routing loops Many RIP implementations include an authorization mechanism a password to prevent a router from learning erroneous routes from unauthorized routers To maximize stability the hop count RIP uses to measure distance must have a low maximum value Infinity that is the network is unreachable is defined as 16 hops In other words if a network i...

Page 135: ... used by the network is the same as the subnet mask used by the address This means the RIP version 1 cannot be used to propagate classless addresses Routers running RIP version 1 must send different update messages for each IP interface to which it is connected Interfaces that use the same subnet mask as the router s network can contain subnetted routes other interfaces cannot The router will then...

Page 136: ...RIP Interface Settings RIP settings are configured for each IP interface on the Switch Click the RIP Interface Settings link in the RIP sub folder The window appears in table form listing settings for IP interfaces currently on the Switch To configure RIP settings for an individual interface click on the hyperlinked name of the interface Figure 5 14 RIP Interface Settings window Click the name of ...

Page 137: ...ts RX Mode Toggle among Disabled V1 Only V2 Only and V1 or V2 This entry specifies which version of the RIP protocol will be used to interpret received RIP packets Disabled prevents the reception of RIP packets Authentication Toggle between Disabled and Enabled to specify that routers on the network should us the Password above to authenticate router table exchanges Password A password to be used ...

Page 138: ...in the routing information changes the router generates a link state advertisement This advertisement is a specially formatted packet that contains information about all the link states on the router 2 This link state advertisement is flooded to all router in the area Each router that receives the link state advertisement will store the advertisement and then forward a copy to other routers 3 When...

Page 139: ...222 211 10 0 0 10 10 5 5 10 10 Figure 5 17 Constructing a Shortest Path Tree The diagram above shows the network from the viewpoint of Router A Router A can reach 192 213 11 0 through Router B with a cost of 10 5 15 Router A can reach 222 211 10 0 through Router C with a cost of 10 10 20 Router A can also reach 222 211 10 0 through Router B and Router D with a cost of 10 5 10 25 but the cost is hi...

Page 140: ...he exchange of link state updates and the calculation of the shortest path tree are limited to the area that the router is connected to Routers that have connections to more than one area are called Border Routers BR The Border Routers have the responsibility of distributing necessary routing information and changes between areas Areas are specific to the router interface A router that has all of ...

Page 141: ... Password Authentication A password or key can be configured on a per area basis Routers in the same area that participate in the routing domain must be configured with the same key This method is possibly vulnerable to passive attacks where a link analyzer is used to obtain the password Backbone and Area 0 OSPF limits the number of link state updates required between routers by defining areas wit...

Page 142: ...ignated Router BDR on each multi access segment the BDR is a backup in case of a DR failure All other routers on the segment will then contact the DR for link state database updates and exchanges This limits the bandwidth required for link state database updates Designated Router Election The election of the DR and BDR is accomplished using the Hello protocol The router with the highest OSPF prior...

Page 143: ...es The header is described first and each packet type is described in a subsequent section All OSPF packets except for Hello packets forward link state advertisements Link State Update packets for example flood advertisements throughout the OSPF routing domain OSPF packet header Hello packet Database Description packet Link State Request packet The Link State Update packet Link State Acknowledgmen...

Page 144: ...lly on all interfaces including virtual links in order to establish and maintain neighbor relationships In addition Hello Packets are multicast on those physical networks having a multicast or broadcast capability enabling dynamic discovery of neighboring routers All routers connected to a common network must agree on certain parameters such as the Network Mask the Hello Interval and the Router De...

Page 145: ...ress on the network This field is set to 0 0 0 0 if there is no BDR Field Description Neighbor The Router Ids of each router from whom valid Hello packets have been seen within the Router Dead Interval on the network Database Description Packet Database Description packets are OSPF packet type 2 These packets are exchanged when an adjacency is being initialized They describe the contents of the to...

Page 146: ...Description packets with a neighboring router a router may find that parts of its topological database are out of date The Link State Request packet is used to request the pieces of the neighbor s database that are more up to date Multiple Link State Request packets may need to be used The sending of Link State Request packets is the last step in bringing up an adjacency A router that sends a Link...

Page 147: ...gure 5 23 Link State Update Packet The body of the Link State Update packet consists of a list of link state advertisements Each advertisement begins with a common 20 byte header the link state advertisement header Otherwise the format of each of the five types of link state advertisements is different Link State Acknowledgment Packet Link State Acknowledgment packets are OSPF packet type 5 To mak...

Page 148: ...e advertisements may also be originated The flooding algorithm is reliable ensuring that all routers have the same collection of link state advertisements The collection of advertisements is called the link state or topological database From the link state database each router constructs a shortest path tree with itself as root This yields a routing table There are four types of link state adverti...

Page 149: ...ernal Link Link State ID This field identifies the portion of the internet environment that is being described by the advertisement The contents of this field depend on the advertisement s Link State Type Advertising Router The Router ID of the router that originated the Link State Advertisement For example in network links advertisements this field is set to the Router ID of the network s Designa...

Page 150: ... is able to calculate a separate set of routes for each IP Type of Service TOS Router links advertisements are flooded throughout a single area only Field Description V bit When set the router is an endpoint of an active virtual link that is using the described area as a Transit area V is for Virtual link endpoint E bit When set the router is an Autonomous System AS boundary router E is for Extern...

Page 151: ...o point connection it specifies the interface s MIB II ifIndex value For other link types it specifies the router s associated IP interface address This latter piece of information is needed during the routing table build process when calculating the IP address of the next hop No of TOS The number of different Type of Service TOS metrics given for this link not counting the required metric for TOS...

Page 152: ... Checksum Length Network Link Advertisements 2 Network Mask Attached Router Figure 5 27 Network Link Advertisements Field Description Network Mask The IP address mask for the network Attached Router The Router Ids of each of the routers attached to the network Only those routers that are fully adjacent to the Designated Router DR are listed The DR includes itself in this list Summary Link Advertis...

Page 153: ...pecified for TOS 0 Field Description Network Mask For Type 3 link state advertisements this indicates the destination network s IP address mask For example when advertising the location of a class A network the value 0xff000000 TOS The Type of Service that the following cost is relevant to Metric The cost of this route Expressed in the same units as the interface costs in the router links advertis...

Page 154: ...ro the specified metric is a Type 1 external metric This means that is comparable directly to the link state metric Forwarding Address Data traffic for the advertised destination will be forwarded to this address If the Forwarding Address is set to 0 0 0 0 data traffic will be forwarded instead to the advertisement s originator TOS The Type of Service that the following cost is relevant to Metric ...

Page 155: ...t would be 10 53 13 189 but any unique 32 bit number will do If 0 0 0 0 is entered the highest IP address assigned to the Switch will become the OSPF Route ID Current Route ID Displays the OSPF Route ID currently in use by the Switch This Route ID is displayed as a convenience to the user when changing the Switch s OSPF Route ID State Allows OSPF to be enabled or disabled globally on the Switch wi...

Page 156: ...F Area ID will appear in the table Figure 5 32 OSPF Area Settings window See the parameter descriptions below for information on the OSPF Area ID setting The Area ID settings are as follows Parameter Description Area ID A 32 bit number in the form of an IP address xxx xxx xxx xxx that uniquely identifies the OSPF area in the OSPF domain Type This field can be toggled between Normal and Stub using ...

Page 157: ... see the configuration menu for that interface Figure 5 33 OSPF Interface Settings window Figure 5 34 OSPF Interface Settings Edit window Configure each IP interface individually using the OSPF Interface Settings Edit window Click the Apply button when you have entered the settings The new configuration appears listed in the OSPF Interface Settings table To return to the OSPF Interface Settings wi...

Page 158: ...None specifies no authorization Simple uses a simple password to determine if the packets are from an authorized OSPF router When Simple is selected the Auth Key field allows the entry of an 8 character password that must be the same as a password configured on a neighbor OSPF router MD5 uses a cryptographic key entered in the MD5 Key Setting window When MD5 is selected the Auth Key ID field allow...

Page 159: ... Figure 5 36 OSPF Virtual Interface Settings Add window Configure the following parameters if you are adding or changing an OSPF Virtual Interface Parameter Description Transit Area ID Allows the entry of an OSPF Area ID previously defined on the Switch that allows a remote area to communicate with the backbone area 0 A Transit Area cannot be a Stub Area or a Backbone Area Neighbor Router The OSPF...

Page 160: ... state update over this virtual link Transit delay takes into account transmission and propagation delays This field is fixed at 1 second RetransInterval The number of seconds between link state advertisement retransmissions for adjacencies belonging to this virtual link This field is fixed at 5 seconds NOTE For OSPF to function properly some settings should be identical on all participating OSPF ...

Page 161: ...configuration being removed Figure 5 37 OSPF Area Aggregation Settings window Use the window below to change settings or add a new Area Aggregation setting Figure 5 38 OSPF Aggregation Configuration Add window Specify the OSPF Aggregation settings and click the Apply button to add or change the settings The new settings will appear listed in the OSPF Area Aggregation Settings window To view the ta...

Page 162: ... for the configuration you want to change and proceed to change the metric or area ID To eliminate an existing configuration click the X in the Delete column for the configuration being removed Figure 5 39 OSPF Host Route Settings window Use the window below to set up OSPF host routes Figure 5 40 OSPF Host Route Settings Add window Specify the host route settings and click the Apply button to add ...

Page 163: ...nfigure hops and time limit Set the relay configuration as desired and click on the Apply button These settings will be applied to all BOOTP DHCP relays regardless of the destination or source Parameter Description BOOTP Relay State This field can be toggled between Enabled and Disabled using the pull down menu It is used to enable or disable the BOOTP DHCP Relay service on the Switch The default ...

Page 164: ...er the Apply heading The user may add up to four server IPs per IP interface on the Switch Entries may be deleted by clicking it s corresponding X Figure 5 42 DHCP BOOTP Relay Settings window To create a new relay configuration enter the IP interface name you want to configure for DHCP relay and the IP address of the server Click on the Add button to enter the relay settings Up to four servers can...

Page 165: ... specifying whether the domain name system should do the entire name translation or simply return the address of the next DNS server if the server receiving the query cannot resolve the name When a DNS server receives a query it checks to see if the name is in its sub domain If it is the server translates the name and appends the answer to the query and sends it back to the client If the DNS serve...

Page 166: ...ay information in a static table Configure the table using the window pictured below To configure permanent entries for the DNS Relay Static Table use the following window DNS Relay Static Settings To view the DNS Relay Static Settings click Configuration Layer 3 IP Networking DNS Relay DNS Relay Static Settings which will open the DNS Relay Static Settings window as seen below Figure 5 44 DNS Rel...

Page 167: ...he election protocol will select a virtual router with the highest priority to be the Master router on the LAN This retains the link and the connection is kept alive regardless of the point of failure To configure VRRP for virtual routers on the Switch an IP interface must be present on the system and it must be a part of a VLAN VRRP IP interfaces may be assigned to every VLAN and therefore IP int...

Page 168: ...ckets received by a virtual router Possible authentication types include No authentication No authentication has been selected to compare VRRP packets received by a virtual router Simple Text Password A Simple password has been selected to compare VRRP packets received by a virtual router for authentication IP Authentication Header An MD5 message digest algorithm has been selected to compare VRRP ...

Page 169: ...or all routers that participate in this group Admin State Used to enable Up and disable Down the VRRP IP interface on the Switch Priority 1 255 Enter a value between 1 and 255 to indicate the router priority The VRRP Priority value may determine if a higher priority VRRP router overrides a lower priority VRRP router A higher priority will increase the probability that this router will become the M...

Page 170: ... The choices are None Selecting this parameter indicates that VRRP protocol exchanges will not be authenticated Simple Selecting this parameter will require the user to set a simple password in the Auth Data field for comparing VRRP message packets received by a router If the two passwords are not exactly the same the packet will be dropped IP Selecting this parameter will require the user to set ...

Page 171: ...router Possible states include Initialize Master and Backup Admin State Displays the current state of the router Up will be displayed if the virtual router is enabled and Down if the virtual router is disabled Priority Displays the priority of the virtual router A higher priority will increase the probability that this router will become the Master router of the group A lower priority will increas...

Page 172: ...bnetwork IGMP Versions 1 and 2 Multicast groups allow members to join or leave at any time IGMP provides the method for members and multicast routers to communicate when joining or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below Figure 4 80 IGMP Message Format The IGMP Type codes are shown b...

Page 173: ...terfaces function the same way they do for individual ports or VLANs in Layer 2 Most of the parameters are the same as well except instead of configuring for VLANs you are setting up IGMP for different subnets IP interfaces IGMP Interface Settings The IGMP interface links are located in the IP Multicast subfolder in the Layer 3 IP Networking configuration folder Click IGMP Interface Settings Figur...

Page 174: ...he IP interface name above Version Enter the IGMP version 1 or 2 that will be used to interpret IGMP queries on the interface Query Interval Allows the entry of a value between 1 and 65535 seconds with a default of 125 seconds This specifies the length of time between sending IGMP queries Max Response Time Sets the maximum amount of time allowed before sending an IGMP response report A value betwe...

Page 175: ...s the message If the message is not received on the shortest path back to the source the message is dropped Route cost is a relative number that is used by DVMRP to calculate which branches of a multicast delivery tree should be pruned The cost is relative to other costs assigned to other DVMRP routes throughout the network The higher the route cost the lower the probability that the current route...

Page 176: ...ce Name Displays the name of the IP interface for which DVMRP is to be configured This must be a previously defined IP interface IP Address Displays the IP address corresponding to the IP Interface name entered above Neighbor Timeout Interval 1 65535 This field allows an entry between 1 and 65 535 seconds and defines the time period DVMRP will hold Neighbor Router reports before issuing poison rou...

Page 177: ...terval for removing prune information is the Join Prune Interval PIM DM Global Setting To use PIM DM on the Switch it must be enabled globally Use the PIM DM Global Setting window to enable or disable PIM DM globally Disabling PIM DM will not affect any PIM DM settings that have been configured so it can later be enabled and apply the same settings To enable PIM DM globally on the Switch go to Con...

Page 178: ...terfaces Parameter Description Interface Name Allows the entry of the name of the IP interface for which PIM DM is to be configured This must be a previously defined IP interface IP Address Displays the IP address for the IP interface named above Hello Interval 1 18724 This field allows an entry of between 1 and 18724 seconds and determines the interval between sending Hello packets to other route...

Page 179: ...the Switch It is recommended that the IP address of the local host that will be used to manage the Switch be entered here to avoid possible frequent disconnection from the Switch s Web based management agent Figure 6 1 Security IP Management window Use the Security IP Management to permit remote stations to manage the Switch If you choose to define one or more designated management stations only t...

Page 180: ...is part of the ciphersuite allows the user to choose a message digest function that will determine a Message Authentication Code This Message Authentication Code will be encrypted with a sent message to provide integrity and prevent against replay attacks The Switch supports two hash algorithms MD5 Message Digest 5 and SHA Secure Hash Algorithm These three parameters are uniquely assembled in four...

Page 181: ...error and no access can be authorized for the web based management To view the following window click Security Secure Socket Layer SSL Configuration Figure 6 3 SSL Configuration window To set up the SSL function on the Switch configure the following parameters and click Apply Parameter Description RSA with RC4 128 MD5 This ciphersuite combines the RSA key exchange stream cipher RC4 encryption with...

Page 182: ...dress field of the web browser will result in an error and no authentication will be granted NOTE Certain implementations concerning the function and configuration of SSL are not available on the web based management of this Switch and need to be configured using the command line interface For more information on SSL and its functions see the DGS 3312SR Command Line Reference Manual located on the...

Page 183: ...ny other admin lever User account on the Switch including specifying a password This password is used to login to the Switch once secure communication has been established using the SSH protocol 2 Configure the user account to use a specified authorization method to identify users that are allowed to establish SSH connections with the Switch using the SSH User Authentication window There are three...

Page 184: ...ult is 300 seconds Auth Fail 2 20 Allows the administrator to set the maximum number of attempts that a user may try to log on to the SSH Server utilizing SSH authentication After the maximum number of attempts is exceeded the Switch will be disconnected and the user must reconnect to the Switch to attempt another login The number of maximum attempts may be set between 2 and 20 The default is 2 Se...

Page 185: ...u All algorithms are enabled by default To view the following window click Security Secure Shell SSH SSH Algorithm Figure 6 5 Encryption Algorithm window The user may set the following parameters Parameter Description Encryption Algorithm 3DES CBC Use the pull down menu to enable or disable the Triple_Data Encryption Standard encryption algorithm with Cipher Block Chaining The default is Enabled B...

Page 186: ...r disable the HMAC Hash for Message Authentication Code mechanism utilizing the Secure Hash Algorithm encryption The default is Enabled HMAC MD5 Use the pull down menu to enable or disable the HMAC Hash for Message Authentication Code mechanism utilizing the MD5 Message Digest encryption algorithm The default is Enabled Public Key Algorithm HMAC RSA Use the pull down menu to enable or disable the ...

Page 187: ...ote SSH server for authentication purposes Choosing this parameter requires the user to input the following information to identify the SSH user Host Name Enter an alphanumeric string of up to 31 characters identifying the remote SSH user Host IP Enter the corresponding IP address of the SSH user Password This parameter should be chosen if the user wishes to use an administrator defined password f...

Page 188: ... The server will not accept the username and password and the user is denied access to the Switch The server doesn t respond to the verification query At this point the Switch receives the timeout from the server and then moves to the next method of verification configured in the method list The Switch has four built in Authentication Server Groups one for each of the TACACS XTACACS TACACS and RAD...

Page 189: ...licy on the Switch Response timeout 1 255 This field will set the time the Switch will wait for a response of authentication from the user The user may set a time between 1 and 255 seconds The default setting is 30 seconds User attempts 1 255 This command will configure the maximum number of times the Switch will accept authentication attempts Users failing to be authenticated after the set amount...

Page 190: ...sole Command Line Interface application the Telnet application the Secure Shell SSH application and the Web HTTP application Login Method List Using the pull down menu configure an application for normal login on the user level utilizing a previously configured method list The user may use the default Method List or other Method List configured by the user See the Login Method List Settings window...

Page 191: ...ays the Authentication Server Groups on the Switch The Switch has four built in Authentication Server Groups that cannot be removed but can be modified To modify a particular group click its hyperlinked Group Name which will then display the following window Figure 6 11 Add a Server Host to Server Group radius window To add an Authentication Server Host to the list enter its IP address in the IP A...

Page 192: ...ng hosts to the list Authentication Server Hosts must be configured for their specific protocol on a remote centralized server before this function can work properly NOTE The four built in server groups can only have server hosts running the same TACACS RADIUS daemon RADIUS TACACS TACACS and XTACACS protocols are separate entities and are not compatible with each other ...

Page 193: ...e authentication protocol can be run on the same physical server host but remember that RADIUS TACACS TACACS XTACACS are separate entities and are not compatible with each other The maximum supported number of server hosts is 16 To view the following window click Security Access Authentication Control Authentication Server Host Figure 6 12 Authentication Server Host Settings window To add an Authe...

Page 194: ... define the virtual port number of the authentication protocol on a server host The default port number is 49 for TACACS XTACACS TACACS and 1812 for RADIUS servers but the user may set a unique port number for higher security Timeout 1 255 Enter the time in seconds the Switch will wait for the server host to reply to an authentication request The default value is 5 seconds Retransmit 1 255 Enter t...

Page 195: ...cal method is used the privilege level will be dependant on the local account privilege configured on the Switch Successful login using any of these techniques will give the user a user privilege only If the user wishes to upgrade his or her status to the administrator level the user must use the Enable Admin window in which the user must enter a previously configured password set by the administr...

Page 196: ...o be authenticated using the local user account database on the Switch none Adding this parameter will require no authentication to access the Switch radius Adding this parameter will require the user to be authenticated using the RADIUS protocol from a remote RADIUS server tacacs Adding this parameter will require the user to be authenticated using the TACACS protocol from a remote TACACS server ...

Page 197: ...rver group If no verification is found the Switch will send an authentication request to the second TACACS host in the server group and so on until the list is exhausted At that point the Switch will restart the same sequence with the following protocol listed XTACACS If no authentication takes place using the XTACACS list the Local Enable password set in the Switch is used to authenticate the use...

Page 198: ...ssword database on the Switch The local enable password must be set by the user in the next section entitled Local Enable Password none Adding this parameter will require no authentication to access the Switch radius Adding this parameter will require the user to be authenticated using the RADIUS protocol from a remote RADIUS server tacacs Adding this parameter will require the user to be authenti...

Page 199: ...82 Configure Local Enable Password window To set the Local Enable Password set the following parameters and click Apply Parameter Description Old Local Enable If a password was previously configured for this entry enter it here in order to change it to a new password New Local Enable Enter the new password that you wish to set on the Switch to authenticate users attempting to access Administrator ...

Page 200: ... no authentication none Because XTACACS and TACACS do not support the enable function the user must create a special account on the server host which has the username enable and a password configured by the administrator that will support the enable function This function becomes inoperable when the authentication policy is disabled To view the following window click Security Access Authentication...

Page 201: ...r Account Management window as shown below Figure 7 2 User Account Management window To add a new user click on the Add button To modify or delete an existing user click on the Modify button for that user Figure 7 3 User Account Modify Table window Add a new user by typing in a User Name and New Password and retype the same password in the Confirm New Password Choose the level of privilege Admin o...

Page 202: ...min and User Some menu selections available to users with Admin privileges may not be available to those with User privileges The following table summarizes the Admin and User privileges Management Admin User Configuration Yes Read Only Network Monitoring Yes Read Only Community Strings and Trap Stations Yes Read Only Update Firmware and Configuration Files Yes No System Utilities Yes No Factory R...

Page 203: ... create a group of SNMP managers that are allowed to view read only information or receive traps using SNMPv1 while assigning a higher level of security to another group granting read write privileges using SNMPv3 Using SNMPv3 individual users or groups of SNMP managers can be allowed to perform or be restricted from performing specific SNMP management functions The functions allowed or restricted...

Page 204: ...play window as shown below Figure 7 6 SNMP User Table Display window The following parameters are displayed Parameter Description User Name An alphanumeric string of up to 32 characters This is used to identify the SNMP users Group Name This name is used to specify the SNMP group created can request SNMP messages SNMP Version V1 Indicates that SNMP version 1 is in use V2 Indicates that SNMP versio...

Page 205: ...col MD5 Specifies that the HMAC MD5 96 authentication level will be used This field is only operable when V3 is selected in the SNMP Version field and the Encryption field has been checked This field will require the user to enter a password SHA Specifies that the HMAC SHA authentication protocol will be used This field is only operable when V3 is selected in the SNMP Version field and the Encrypt...

Page 206: ...on a separate window will appear Figure 7 9 SNMP View Table Configuration window The SNMP Group created with this table maps SNMP users identified in the SNMP User Table window to the views created in the previous window The following parameters can set Parameter Description View Name Type an alphanumeric string of up to 32 characters This is used to identify the new SNMP view being created Subtre...

Page 207: ...r Figure 7 10 SNMP Group Table window To delete an existing SNMP Group Table entry click the corresponding X icon under the Delete heading To display the current settings for an existing SNMP Group Table entry click the blue hyperlink for the entry under the Group Name heading revealing the following window Figure 7 11 SNMP Group Table Display window To add a new entry to the Switch s SNMP Group T...

Page 208: ...sion 2c will be used The SNMPv2 supports both centralized and distributed network management strategies It includes improvements in the Structure of Management Information SMI and adds some security features SNMPv3 Specifies that the SNMP version 3 will be used SNMPv3 provides secure access to devices through a combination of authentication and encrypting packets over the network Security Level Th...

Page 209: ...lder and click the SNMP Community Table link which will open the following screen Figure 7 13 SNMP Community Table Configuration window The following parameters can set Parameter Description Community Name Type an alphanumeric string of up to 32 characters that is used to identify members of an SNMP community This string is used like a password to give remote SNMP managers access to MIB objects in...

Page 210: ...MP Host Table window This will open the SNMP Host Table Configuration window as shown below Figure 7 15 SNMP Host Table Configuration window The following parameters can set Parameter Description Host IP Address Type the IP address of the remote management station that will serve as the SNMP host for the Switch SNMP Version V1 To specifies that SNMP version 1 will be used V2 To specify that SNMP v...

Page 211: ... the SNMP engine on the Switch To display the Switch s SNMP Engine ID open the SNMP Manger folder located in the Management folder and click on the SNMP Engine ID link This will open the SNMP Engine ID Configuration window as shown below Figure 7 16 SNMP Engine ID Configuration window To change the Engine ID type the new Engine ID in the space provided and click the Apply button ...

Page 212: ...Session Table Layer 3 Feature TraceRoute Browse IP Address Table Browse Routing Table Browse ARP Table Browse IP Multicast Forwarding Table Browse IGMP Group Table OSPF Monitor DVMRP Monitor PIM Monitor The DGS 3312SR provides extensive network monitoring capabilities that can be viewed from the Monitoring folder Links to monitoring windows associated with Layer 3 Switch operations are located in ...

Page 213: ... of a gigabit Ethernet module One of these ports MUST be connected to the Mini GBIC combo port number 50 to the far right of the DES 3250TG for the proper stacking implementation to function correctly The DES 3226S will stack with the DGS 3312SR with a gigabit Ethernet connection or over IEEE 1394 fire wire cabling One of these ports MUST be connected to module port number 26 to the far right of t...

Page 214: ...n a Switch stack or in standalone mode Below is an example of the Stack Mode Setup window with stacking mode enabled on Port 1 Figure 8 2 Stack Mode Setup stacking enabled window Variables in this window are described below Parameter Description ID Displays the Switch s order in the stack The Switch with a unit id of 1 is the master Switch MAC Address Displays the unique address of the Switch assi...

Page 215: ...SR Stackable Gigabit Layer 3 Switch 202 When the stacked group is connected and properly configured the virtual stack appears in the upper right hand corner of the web page Figure 8 3 Stack Information web page ...

Page 216: ...nit Allows you to specify a Switch in a Switch stack using that Switch s Unit ID The number 15 indicates a Switch in standalone mode Port Allows you to specify a port to monitor from the Switch selected above Clear Clicking this button clears all statistics counters on this window Time Interval 1s Select the desired setting between 1s and 60s where s stands for seconds The default value is one sec...

Page 217: ...and then the CPU Utilization link Figure 8 5 CPU Utilization window The following field can be set Parameter Description Time Interval 1s Select the desired setting between 1s and 60s where s stands for seconds The default value is one second Record Number 200 Select number of times the Switch will be polled between 20 and 200 The default value is 200 Show Hide Check to display Utilization ...

Page 218: ...er of the Monitoring menu to view the following graph of packets received on the Switch To select a port to view these statistics for first select the Switch in the Switch stack by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a po...

Page 219: ...een 20 and 200 The default value is 200 Bytes Counts the number of bytes received on the port Packets Counts the number of packets received on the port Unicast Counts the total number of good packets that were received by a unicast address Multicast Counts the total number of good packets that were received by a multicast address Broadcast Counts the total number of good packets that were received...

Page 220: ...ceived on the Switch To select a port to view these statistics for first select the Switch in the Switch stack by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a port Figure 8 8 Rx Packets Analysis line graph for Unicast Multicast ...

Page 221: ...ct number of times the Switch will be polled between 20 and 200 The default value is 200 Unicast Counts the total number of good packets that were received by a unicast address Multicast Counts the total number of good packets that were received by a multicast address Broadcast Counts the total number of good packets that were received by a broadcast address Show Hide Check whether or not to displ...

Page 222: ...rom the Switch To select a port to view these statistics for first select the Switch in the Switch stack by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a port Figure 8 10 Tx Packets Analysis line graph for Bytes Packets window ...

Page 223: ...nd 200 The default value is 200 Bytes Counts the number of bytes successfully sent from the port Packets Counts the number of packets successfully sent on the port Unicast Counts the total number of good packets that were transmitted by a unicast address Multicast Counts the total number of good packets that were transmitted by a multicast address Broadcast Counts the total number of good packets ...

Page 224: ...g menu to view the following graph of error packets received on the Switch To select a port to view these statistics for first select the Switch in the Switch stack by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a port Figure 8 1...

Page 225: ...have a good CRC Undersize packets usually indicate collision fragments a normal network occurrence OverSize Counts packets received that were longer than 1518 octets or if a VLAN frame is 1522 octets and less than the MAX_PKT_LEN Internally MAX_PKT_LEN is equal to 1522 Fragment The number of packets less than 64 bytes with either bad framing or an invalid CRC These are normally the result of colli...

Page 226: ... received on the Switch To select a port to view these statistics for first select the Switch in the switch stack by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a port Figure 8 14 Tx Error Analysis line graph window ...

Page 227: ... was busy CRC Error Counts otherwise valid packets that did not end on a byte octet boundary LateColl Counts the number of times that a collision is detected later than 512 bit times into the transmission of a packet ExColl Excessive Collisions The number of packets for which transmission failed due to excessive collisions SingColl Single Collision Frames The number of successfully transmitted pac...

Page 228: ...ze to be viewed as either a line graph or a table Two windows are offered To select a port to view these statistics for first select the Switch in the Switch stack by using the Unit pull down menu and then select the port by using the Port pull down menu The user may also use the real time graphic of the Switch and or switch stack at the top of the web page by simply clicking on a port Figure 8 16...

Page 229: ...tets 128 255 The total number of packets including bad packets received that were between 128 and 255 octets in length inclusive excluding framing bits but including FCS octets 256 511 The total number of packets including bad packets received that were between 256 and 511 octets in length inclusive excluding framing bits but including FCS octets 512 1023 The total number of packets including bad ...

Page 230: ...C address forwarding table to be viewed When the Switch learns an association between a MAC address and a port number it makes an entry into its forwarding table These entries are then used to forward packets through the Switch Figure 8 18 MAC Address Table window The following fields can be set ...

Page 231: ...AC Address The MAC address entered into the address table Unit Refers to the Unit of the Switch stack from which the MAC address was learned Port The port to which the MAC address above corresponds Type Describes the method which the Switch discovered the MAC address The possible entries are Dynamic Self and Static Next Click this button to view the next page of the address table Clear Dynamic Ent...

Page 232: ...o the PC connected to the console manager Clicking Next at the bottom of the window will allow you to display all the Switch Trap Logs The information is described as follows Parameter Description Sequence A counter incremented whenever an entry to the Switch s history log is made The table displays the last entry highest sequence number first Time Displays the time in days hours and minutes since...

Page 233: ...The user may search the IGMP Snooping Group Table by VLAN Name by entering it in the top left hand corner and clicking Search The following field can be set Parameter Description VLAN Name The VLAN Name of the multicast group Multicast Group The IP address of the multicast group MAC Address The MAC address of the multicast group Reports The total number of reports received for this group Port Memb...

Page 234: ...ping Forwarding link Figure 8 21 IGMP Snooping Forwarding Table The user may search the IGMP Snooping Forwarding Table by VLAN Name using the top left hand corner Search The following field can be viewed Parameter Description VLAN Name The VLAN Name of the multicast group Source IP The Source IP address of the multicast group Multicast Group The IP address of the multicast group Port Map These are...

Page 235: ...DGS 3312SR Stackable Gigabit Layer 3 Switch 222 VLAN Status This window displays the status of VLANs on any Switch in a Switch stack managed by a DGS 3312SR Figure 8 22 VLAN Status window ...

Page 236: ...ts are currently configured as router ports A router port configured by a user using the console or Web based management interfaces is displayed as a static router port designated by S A router port that is dynamically configured by the Switch is designated by D Figure 8 23 Browse Router Port window ...

Page 237: ...DGS 3312SR Stackable Gigabit Layer 3 Switch 224 Session Table This window displays the management sessions since the Switch was last rebooted Figure 8 24 Current Session Table window ...

Page 238: ...parameters located in this window and click Start Parameter Description Target IP Address Enter the IP address of the computer to be traced TTL The time to live value of the trace route request This is the maximum number of routers the traceroute command will cross while seeking the network path between two devices Port The virtual port number The port number must be above 1024 The value range is ...

Page 239: ...e found in the Monitoring folder in the Layer 3 Feature sub folder This window allows the user to view IP addresses discovered by the Switch To search a specific IP address enter it into the field labeled IP Address at the top of the screen and click Find to begin your search Figure 8 26 IP Address window ...

Page 240: ...route enter an IP address into the Destination Address field along with a proper subnet mask into the Mask field Figure 8 27 Routing Table window Browse ARP Table The ARP Table window may be found in the Monitoring folder in the Layer 3 Feature sub folder This window will show current ARP entries on the Switch To search a specific ARP entry enter an interface name into the Interface Name or an IP ...

Page 241: ... an multicast group IP address into the Multicast Group field or a Source IP address and click Find Figure 8 29 IP Multicast Forwarding Table window Browse IGMP Group Table The IGMP Group Table window may be found in the Monitoring folder in the Layer 3 Feature sub folder This window will show current IGMP group entries on the Switch To search a specific IGMP group entry enter an interface name in...

Page 242: ... If LSDB is selected you must select the type of link state RTRLink NETLink Summary ASSummary and ASExtLink in the LSDB Type field and then click Find If Area ID Advertise Router ID is selected as the browse method you must enter the IP address in the Area ID field and the IP address in the Advertise Router ID field and then click Find If Area ID LSDB is selected as the browse method you must ente...

Page 243: ...nated Router 3 The destination network s IP address 4 The Router ID of the described AS boundary router Cost Displays the cost of the table entry Sequence Displays a sequence number corresponding to number of times the current link has been advertised as changed Browse OSPF Neighbor Table This table can be found in the OSPF Monitor folder by clicking on the Browse OSPF Neighbor Table link Routers ...

Page 244: ...y search a virtual neighbor by using one of the two search options at the top of the window Figure 8 33 OSPF Virtual Neighbor Table window Parameter Description Transit Area ID Allows the entry of an OSPF Area ID previously defined on the Switch that allows a remote area to communicate with the backbone area 0 A Transit Area cannot be a Stub Area or a Backbone Area Neighbor ID The OSPF router ID f...

Page 245: ... your search by entering a Source IP Address and its subnet mask into the fields at the top of the window and clicking Browse Figure 8 34 DVMRP Routing Table window Browse DVMRP Neighbor Address Table This table found in the Monitoring folder in the Layer 3 Feature sub folder under DVMRP Monitor contains information about DVMRP neighbors of the Switch You may define your search by entering an Inte...

Page 246: ... Routing Protocol chapter of Section 6 Configuration Browse PIM Neighbor Address Table The PIM Neighbor Address Table contains information regarding each of a router s PIM neighbors This screen may be found in the Monitoring folder under the heading PIM Monitor To search this table enter either an Interface Name or Neighbor Address into the respective field and click the Find button PIM neighbors ...

Page 247: ... link Figure 9 1 Download Firmware window Use the Unit Number drop down menu to select which Switch of a Switch stack on which you want to update the firmware This allows the selection of a particular Switch from a Switch stack if you have installed the optional stacking module and have properly interconnected the Switches The number 15 indicates a Switch in standalone mode Enter the IP address of...

Page 248: ...s to a TFTP server click on the Maintenance folder and then the TFTP Service folder and then the Save Settings link Figure 9 3 Save Settings to TFTP Server window Enter the IP address of the TFTP server and the path and filename for the history log on the TFTP server Click Apply to make the changes current Click Start to initiate the file transfer Upload Log To upload the Switch history log file t...

Page 249: ...nfiguration changes are made effective clicking the Apply button When this is done the settings will be immediately applied to the Switching software in RAM and will immediately take effect Some settings though require you to restart the Switch before they will take effect Restarting the Switch erases all settings in RAM and reloads the stored settings from the NV RAM Thus it is necessary to save ...

Page 250: ...unts and History Log while resetting all other configuration parameters to their factory defaults If the Switch is reset with this option enabled and Save Changes is not executed the Switch will return to the last saved configuration when rebooted The Reset Config option will reset all of the Switch s configuration parameters to their factory defaults without saving these default values to the Swi...

Page 251: ...tch Clicking the No click box instructs the Switch not to save the current configuration before restarting the Switch All of the configuration information entered from the last time Save Changes was executed will be lost Click the Restart button to restart the Switch Figure 9 8 Restart System window Logout Use this window to logout of the Switch s Web based management agent by clicking on the Log ...

Page 252: ...S a member of a SIM group and a Candidate Switch CaS which is a Switch that has a physical link to the SIM group but has not been recognized by the CS as a member of the SIM group A SIM group can only have one Commander Switch CS All switches in a particular SIM group must be in the same IP subnet broadcast domain Members of a SIM group cannot cross a router A SIM group accepts up to 32 switches n...

Page 253: ...switch to operate as the CS of a SIM group additional DGS 3312SR switches may join the group either by an automatic method or by manually configuring the Switch to be a MS The CS will then serve as the in band entry point for access to the MS The CS s IP address will become the path to all MS s of the group and the CS s Administrator s password and or authentication will control access to all MS s...

Page 254: ...ut is connected to a Commander Switch This is the default setting for the SIM role of the DGS 3312SR Commander Choosing this parameter will make the Switch a Commander Switch CS The user may join other switches to this Switch over Ethernet to be part of its SIM group Choosing this option will also enable the Switch to be configured for SIM Discovery Interval The user may set the discovery protocol...

Page 255: ...ation under the Data tab Parameter Description Device Name This field will display the Device Name of the Switches in the SIM group configured by the user If no Device Name is configured by the name it will be given the name default and tagged with the last six digits of the MAC Address to identify it Local Port Displays the number of the physical port on the CS that the MS or CaS is connected to ...

Page 256: ...e 10 5 Topology view This screen will display how the devices within the Single IP Management Group are connected to other groups and devices Possible icons in this screen are as follows Icon Description Group Layer 2 commander switch Layer 3 commander switch Commander switch of other group Layer 2 member switch Layer 3 member switch Member switch of other group Layer 2 candidate switch Layer 3 ca...

Page 257: ...ver a specific device in the topology window tool tip will display the same information about a specific device as the Tree view does See the window below for an example Figure 10 6 Device Information Utilizing the Tool Tip Setting the mouse cursor over a line between two devices will display the connection speed between the two devices as shown below Figure 10 7 Port Speed Utilizing the Tool Tip ...

Page 258: ...ion Parameter Description Device Name This field will display the Device Name of the Switches in the SIM group configured by the user If no Device Name is configured by the name it will be given the name default and tagged with the last six digits of the MAC Address to identify it Module Name Displays the full module name of the Switch that was right clicked MAC Address Displays the MAC Address of...

Page 259: ...licking a Commander Icon The following options may appear for the user to configure Collapse to collapse the group that will be represented by a single icon Expand to expand the SIM group in detail Property to pop up a window to display the group information Figure 10 11 Property dialog box ...

Page 260: ...ar for the user to configure Collapse to collapse the group that will be represented by a single icon Expand to expand the SIM group in detail Remove from group remove a member from a group Configure launch the web management to configure the Switch Property to pop up a window to display the device information Figure 10 13 Property window ...

Page 261: ...up in detail Add to group add a candidate to a group Clicking this option will reveal the following screen for the user to enter a password for authentication from the Candidate Switch before being added to the SIM group Click OK to enter the password or Cancel to exit the window Figure 10 15 Input Password dialog box Property to pop up a window to display the device information as shown below Fig...

Page 262: ... to open at SIM startup Group Add to group add a candidate to a group Clicking this option will reveal the following screen for the user to enter a password for authentication from the Candidate Switch before being added to the SIM group Click OK to enter the password or Cancel to exit the window Figure 10 18 Input Password window Remove from Group remove an MS from the group Device Configure will...

Page 263: ...ort heading To update the firmware enter the Server IP Address where the firmware resides and enter the Path Filename of the firmware Click Download to initiate the file transfer Figure 10 20 Firmware Upgrade window Configuration File Backup Restore This screen is used to upgrade configuration files from the Commander Switch to the Member Switch Member Switches will be listed in the table and will...

Page 264: ...duplex Flow Control IEEE 802 3 Nway auto negotiation Protocols CSMA CD Data Transfer Rates Ethernet Fast Ethernet Gigabit Ethernet Fiber Optic Half duplex Full duplex 10 Mbps 20Mbps 100Mbps 200Mbps N A 2000Mbps IEC 793 2 1992 Type A1a 50 125um multimode Type A1b 62 5 125um multimode Both types use LC optical connector Topology Star Network Cables UTP Cat 5 for 100Mbps UTP Cat 3 4 5 for 10Mbps EIA ...

Page 265: ... 1000000 seconds Default 300 Physical Environmental AC inputs 100 240 VAC 50 60 Hz internal universal power supply Power Consumption 30 watts maximum DC fans 1 built in 75 x 75 x30 mm fan Operating Temperature 0 to 40 degrees Celsius 32 to 104 degrees Fahrenheit Storage Temperature 25 to 55 degrees Celsius 13 to 131 degrees Fahrenheit Humidity Operating 5 to 95 RH non condensing Storage 0 to 95 RH...

Page 266: ... The following diagrams and tables show the standard RJ 45 receptacle connector and their pin assignments Figure B 1 The standard RJ 45 port and connector RJ 45 Pin Assignments Contact MDI X Port MDI II Port 1 RD receive TD transmit 2 RD receive TD transmit 3 TD transmit RD receive 4 Not used Not used 5 Not used Not used 6 TD transmit RD receive 7 Not used Not used 8 Not used Not used Figure B 2 T...

Page 267: ...Type Maximum Distance Mini GBIC 1000BASE LX Single mode fiber module 1000BASE SX Multi mode fiber module 1000BASE LHX Single mode fiber module 1000BASE ZX Single mode fiber module 10km 550m 40km 80km 1000BASE T Category 5e UTP Cable Category 5 UTP Cable 1000 Mbps 100m 100BASE TX Category 5 UTP Cable 100 Mbps 100m 10BASE T Category 3 UTP Cable 10 Mbps 100m ...

Page 268: ...tion devices on the network broadcast storm Multiple simultaneous broadcasts that typically absorb available network bandwidth and can cause network failure console port The port on the Switch accepting a terminal or modem connector It changes the parallel arrangement of data within computers to the serial form used on data transmission links This port is most often used for dedicated local manage...

Page 269: ...inally designed to be used in managing TCP IP internets SNMP is presently implemented on a wide range of computers and networking equipment and may be used to manage many aspects of network and end station operation Spanning Tree Protocol STP A bridge based system for providing fault tolerance on networks STP works by allowing you to implement parallel paths for network traffic and ensure that red...

Page 270: ...vironment this product may cause radio interference in which case the user may be required to take adequate measures Warnung Dies ist ein Produkt der Klasse A Im Wohnbereich kann dieses Produkt Funkstoerungen verursachen In diesem Fall kann vom Benutzer verlangt werden angemessene Massnahmen zu ergreifen Precaución Este es un producto de Clase A En un entorno doméstico puede causar interferencias ...

Page 271: ...Gerätes ist eine geprüfte Leitung zu verwenden Für einen Nennstrom bis 6A und einem Gerätegewicht grőßer 3kg ist eine Leitung nicht leichter als H05VV F 3G 0 75mm2 einzusetzen WARRANTIES EXCLUSIVE IF THE D LINK PRODUCT DOES NOT OPERATE AS WARRANTED ABOVE THE CUSTOMER S SOLE REMEDY SHALL BE AT D LINK S OPTION REPAIR OR REPLACEMENT THE FOREGOING WARRANTIES AND REMEDIES ARE EXCLUSIVE AND ARE IN LIEU ...

Page 272: ...thorized reseller or distributor and Only for products purchased and delivered within the fifty states of the United States the District of Columbia U S Possessions or Protectorates U S Military Installations or addresses with an APO or FPO Limited Warranty D Link warrants that the hardware portion of the D Link product described below Hardware will be free from material defects in workmanship and...

Page 273: ...tion pertaining to the product While necessary maintenance or repairs on your Product can be performed by any company we recommend that you use only an Authorized D Link Service Office Improper or incorrectly performed maintenance or repair voids this Limited Warranty Disclaimer of Other Warranties EXCEPT FOR THE LIMITED WARRANTY SPECIFIED HEREIN THE PRODUCT IS PROVIDED AS IS WITHOUT ANY WARRANTY ...

Page 274: ... interference by one or more of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help For detailed warranty information applicable to products purchased outsi...

Page 275: ...Registration Register your D Link product online at http support dlink com register Product registration is entirely voluntary and failure to complete or return this form will not diminish your warranty rights ...

Page 276: ... part of this publication may be reproduced in any form or by any means or used to make an derivative such as translation transformation or adaptation without permission from D Link Corporation D Link Systems Inc as stipulated by the United States Copyright Act of 1976 CE EMI class A warning This is a Class A product In a domestic environment this product may cause radio interference in which case...

Page 277: ...suse including failure to operate the product in accordance with specifications or interface requirements c improper handling d failure of goods or services not obtained from D LINK or not subject to a then effective D LINK warranty or maintenance agreement e improper use or storage or f fire water acts of God or other catastrophic events This warranty shall also not apply to any particular produc...

Page 278: ...hafter Bedienung d Versagen von Produkten oder Diensten die nicht von D LINK stammen oder nicht Gegenstand einer zum maßgeblichen Zeitpunkt gültigen Garantie oder Wartungsvereinbarung sind e Fehlgebrauch oder fehlerhafter Lagerung oder f Feuer Wasser höherer Gewalt oder anderer Katastrophen Diese Garantie gilt ebenfalls nicht für Produkte bei denen eine D LINK Seriennummer entfernt oder auf sonsti...

Page 279: ...n du produit non conforme à ses spécifications ou aux interfaces requises c d une mauvaise manipulation d d une panne de biens ou de services acquis auprès d une société tierce non D LINK ou qui ne font pas l objet d un contrat D LINK de garantie ou de maintenance en bonne et due forme e d une mauvaise utilisation ou d un rangement dans des conditions inadaptées ou f du feu de l eau d une catastro...

Page 280: ...s requisitos de la interfaz en el funcionamiento del producto c manejo incorrecto d errores en artículos o servicios ajenos a D LINK o no sujetos a una garantía o un contrato de mantenimiento vigentes de D LINK e uso o almacenamiento incorrecto o f fuego agua casos fortuitos u otros hechos catastróficos Esta garantía tampoco es válida para aquellos productos a los que se haya eliminado o alterado ...

Page 281: ... requisiti di connessione c movimentazione impropria d guasto di prodotti o servizi non forniti da D LINK o non soggetti a una garanzia successiva di D LINK o a un accordo di manutenzione e impiego o conservazione impropri f incendio inondazione cause di forza maggiore o altro evento catastrofico accidentale La presente garanzia non si applica altresì ad alcun prodotto particolare qualora il numer...

Page 282: ... Avenue North Ryde NSW 2113 Australia TEL 61 2 8899 1800 FAX 61 2 8899 1868 URL www dlink com au India D Link House Kurla Bandra Complex Road Off CST Road Santacruz East Mumbai 400098 India TEL 91 022 26526696 56902210 FAX 91 022 26528914 URL www dlink co in Middle East Dubai P O Box 500376 Office No 103 Building 3 Dubai Internet City Dubai United Arab Emirates Tel 971 4 3916480 Fax 971 4 3908881 ...

Page 283: ... the following questions help us to support your product 1 Where and how will the product primarily be used Home Office Travel Company Business Home Business Personal Use 2 How many employees work at installation site 1 employee 2 9 10 49 50 99 100 499 500 999 1000 or more 3 What network protocol s does your organization use XNS IPX TCP IP DECnet Others_____________________________ 4 What network ...

Reviews:

No comments

Related manuals for DGS-3312SR

Xantech D5SH Installation Instructions Manual preview
D5SH
Brand: Xantech Pages: 20
ifs POC2502 Series User Manual preview
POC2502 Series
Brand: ifs Pages: 352
Kramer VP-311DVI User Manual preview
VP-311DVI
Brand: Kramer Pages: 17
cable matters 201063 User Manual preview
201063
Brand: cable matters Pages: 12
Alpha Cordex HP CXRF 48-2.4kW Manual preview
Cordex HP CXRF 48-2.4kW
Brand: Alpha Pages: 56
Lantech TGS-L6216XT User Manual preview
TGS-L6216XT
Brand: Lantech Pages: 24
T.I.P. TLS 100 E Manual preview
TLS 100 E
Brand: T.I.P. Pages: 42
FIBERROAD FR-6R3204 User Manual preview
FR-6R3204
Brand: FIBERROAD Pages: 30
QTech QSW-4600 Series Hardware Installation And Reference Manual preview
QSW-4600 Series
Brand: QTech Pages: 58
H3C IE4300-12P-PWR Installation Manual preview
IE4300-12P-PWR
Brand: H3C Pages: 38
Helmholz PROFINET 4-port Quick Start Manual preview
PROFINET 4-port
Brand: Helmholz Pages: 20
Netis ST-3131 User Manual preview
ST-3131
Brand: Netis Pages: 9
Gefen EXT-DPKVM-841 User Manual preview
EXT-DPKVM-841
Brand: Gefen Pages: 31
Advantech eWorx SE500 User Manual preview
eWorx SE500
Brand: Advantech Pages: 209
UNICOM MicroGST/5 GEP-32005T User Manual preview
MicroGST/5 GEP-32005T
Brand: UNICOM Pages: 12
Ltech LT-424-MC Quick Start Manual preview
LT-424-MC
Brand: Ltech Pages: 2
J-Tech Digital JTD-2874 User Manual preview
JTD-2874
Brand: J-Tech Digital Pages: 8
Eaton NZM3-XKR Instruction Leaflet preview
NZM3-XKR
Brand: Eaton Pages: 4

Brands by name

Popular brands

Load more brands